CVE-2023-6875

9.8 CRITICAL

📋 TL;DR

This vulnerability allows unauthenticated attackers to bypass authentication on the POST SMTP Mailer WordPress plugin's REST API endpoint due to a type juggling issue. Attackers can reset the API key used for mailer authentication and view email logs containing sensitive information like password reset emails, potentially leading to complete site takeover. All WordPress sites using POST SMTP Mailer plugin versions up to 2.8.7 are affected.
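The root cause named above is a PHP loose comparison in a token check. The following is an added illustration of that bug class, not code from the POST SMTP Mailer plugin; the function names, the stored-value cases and the sample tokens are all constructed for the demonstration.

```php
<?php
// Added illustration of the bug class named above (PHP type juggling in a
// token check). This is not code from the POST SMTP Mailer plugin; the
// function names and sample values are constructed for the demonstration.
declare(strict_types=1);

// Vulnerable pattern: == converts its operands before comparing. A token that
// was never provisioned (false or null in storage) or a numeric-looking string
// can therefore compare equal to attacker-controlled request input.
function loose_token_check(mixed $supplied, mixed $stored): bool
{
    return $supplied == $stored;
}

// Hardened pattern: both sides must be non-empty strings, and the comparison
// is strict and constant-time. An unprovisioned token can never match.
function strict_token_check(mixed $supplied, mixed $stored): bool
{
    if (!is_string($supplied) || !is_string($stored)) {
        return false;
    }
    if ($supplied === '' || $stored === '') {
        return false;
    }
    return hash_equals($stored, $supplied);
}

// Constructed cases: [label, value as it arrives in a request, stored value].
function comparison_cases(): array
{
    return [
        ['stored false (never provisioned), empty string supplied', '',      false],
        ['stored null (never provisioned), empty string supplied',  '',      null],
        ['stored false, string "0" supplied',                       '0',     false],
        ['numeric-looking strings with equal value',                '1e3',   '1000'],
        ['correct token',                                           'k7Qx2', 'k7Qx2'],
        ['wrong token',                                             'zzzzz', 'k7Qx2'],
    ];
}

// Evaluates every case with both checks; returns rows for display or testing.
function run_cases(): array
{
    $rows = [];
    foreach (comparison_cases() as [$label, $supplied, $stored]) {
        $rows[] = [
            'case'   => $label,
            'loose'  => loose_token_check($supplied, $stored),
            'strict' => strict_token_check($supplied, $stored),
        ];
    }
    return $rows;
}

foreach (run_cases() as $row) {
    printf(
        "%-58s loose=%-6s strict=%s\n",
        $row['case'],
        $row['loose'] ? 'ACCEPT' : 'reject',
        $row['strict'] ? 'ACCEPT' : 'reject'
    );
}
```

Run it with `php type_juggling_demo.php` (PHP 8 or later, for the `mixed` parameter type). The loose check accepts the first four cases, including the two where no token was ever stored; the strict check accepts only the correct token. In a WordPress plugin, a check of the strict form is what belongs in a REST route's `permission_callback`.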

💻 Affected Systems

Products:
  • POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress
Versions: All versions up to and including 2.8.7
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Affects WordPress installations with the vulnerable plugin enabled. No special configuration required.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete site takeover through password reset email interception, administrative access compromise, and potential data exfiltration.

🟠 Likely Case

Unauthorized access to email logs containing sensitive information, API key reset disrupting email functionality, and potential credential harvesting.

🟢 If Mitigated

Limited impact if proper network segmentation and monitoring are in place, though authentication bypass remains possible.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details and proof-of-concept code are publicly available. The vulnerability requires minimal technical skill to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.8.8 and later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3016051/post-smtp/trunk?contextall=1&old=3012318&old_path=%2Fpost-smtp%2Ftrunk

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the POST SMTP Mailer plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 2.8.8+ from the WordPress plugin repository and update manually.

🔧 Temporary Workarounds

Disable vulnerable REST endpoint

Platform: all

Temporarily disable the connect-app REST endpoint via .htaccess or web server configuration. Note that this also blocks the plugin's legitimate use of the same route (its mobile-app connection feature), and that a path-based rule does not cover REST requests made through WordPress's alternative ?rest_route= query-string form, so deactivating the plugin is the more complete workaround.

# Add to .htaccess for Apache, above the WordPress rewrite block so it is evaluated first:
RewriteEngine On
RewriteRule ^wp-json/post-smtp/v1/connect-app - [F,L]
# Add to the site's server block in the nginx config:
location ~* ^/wp-json/post-smtp/v1/connect-app { deny all; }

Disable plugin

Platform: linux

Temporarily disable the POST SMTP Mailer plugin until patched (requires WP-CLI; the same can be done from Plugins → Installed Plugins in the admin panel)

wp plugin deactivate post-smtp

🧯 If You Can't Patch

  • Disable the POST SMTP Mailer plugin immediately
  • Implement web application firewall rules to block requests to /wp-json/post-smtp/v1/connect-app endpoint

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → POST SMTP Mailer → Version. If version is 2.8.7 or lower, system is vulnerable.

Check Version:

wp plugin get post-smtp --field=version

Verify Fix Applied:

Verify that the plugin version shown in the WordPress admin panel is 2.8.8 or higher. Unauthenticated requests to the connect-app endpoint should be rejected.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /wp-json/post-smtp/v1/connect-app
  • Multiple failed authentication attempts followed by successful API key reset
  • Unexpected email log access from unfamiliar IP addresses

Network Indicators:

  • HTTP requests to vulnerable REST endpoint from external IPs
  • Unusual traffic patterns to WordPress REST API

SIEM Query:

source="web_logs" AND (uri_path="/wp-json/post-smtp/v1/connect-app" OR user_agent CONTAINS "post-smtp-exploit")
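The log and network indicators above, turned into a scan over access-log lines. This is an added example, not tooling from the page or from the plugin vendor; the log format is the Apache/nginx "combined" format, the sample lines are constructed (documentation IP ranges), and the 401/403 responses in them are assumed for the illustration.

```php
<?php
// Added example, not tooling from the page or the plugin vendor: turn the log
// indicators above into a scan over access-log lines. Sample lines are constructed.
declare(strict_types=1);

const CONNECT_APP_PATH = '/wp-json/post-smtp/v1/connect-app';

// Apache/nginx "combined" format:
//   ip - - [time] "METHOD path proto" status bytes "referer" "user-agent"
const LOG_PATTERN = '/^(?<ip>\S+) \S+ \S+ \[(?<time>[^\]]+)\] "(?<method>[A-Z]+) (?<path>\S+) [^"]*" (?<status>\d{3}) \S+ "[^"]*" "(?<ua>[^"]*)"$/';

function parse_line(string $line): ?array
{
    if (!preg_match(LOG_PATTERN, $line, $m)) {
        return null; // unparseable line; a production scanner would count these
    }
    // Strip any query string so the endpoint matches regardless of parameters.
    $path = explode('?', $m['path'], 2)[0];
    return [
        'ip' => $m['ip'], 'time' => $m['time'], 'method' => $m['method'],
        'path' => $path, 'status' => (int) $m['status'], 'ua' => $m['ua'],
    ];
}

// Per-request indicators taken from the list above.
function request_indicators(array $req): array
{
    $why = [];
    if ($req['path'] === CONNECT_APP_PATH) {
        $why[] = $req['method'] . ' to connect-app endpoint (HTTP ' . $req['status'] . ')';
    }
    if (stripos($req['ua'], 'post-smtp-exploit') !== false) {
        $why[] = 'user-agent string from the SIEM query';
    }
    return $why;
}

// Returns findings keyed by client IP. Also flags the sequence "rejected
// connect-app request(s) followed by an accepted one" from the same IP.
function scan_log(array $lines): array
{
    $findings = [];
    $connect_status = []; // ip => connect-app status codes, in log order
    foreach ($lines as $line) {
        $req = parse_line($line);
        if ($req === null) {
            continue;
        }
        $why = request_indicators($req);
        if ($why !== []) {
            $findings[$req['ip']][] = ['time' => $req['time'], 'why' => $why];
        }
        if ($req['path'] === CONNECT_APP_PATH) {
            $connect_status[$req['ip']][] = $req['status'];
        }
    }
    foreach ($connect_status as $ip => $codes) {
        $seen_reject = false;
        foreach ($codes as $code) {
            if ($code >= 400) {
                $seen_reject = true;
            } elseif ($seen_reject && $code === 200) {
                $findings[$ip][] = ['time' => '-', 'why' => ['rejected connect-app requests followed by an accepted one']];
                break;
            }
        }
    }
    return $findings;
}

// Constructed sample traffic (documentation IP ranges, not real clients).
$sample = [
    '203.0.113.10 - - [10/Jan/2024:10:01:02 +0000] "GET /wp-login.php HTTP/1.1" 200 4321 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jan/2024:10:02:15 +0000] "POST /wp-json/post-smtp/v1/connect-app HTTP/1.1" 401 77 "-" "python-requests/2.31"',
    '198.51.100.7 - - [10/Jan/2024:10:02:16 +0000] "POST /wp-json/post-smtp/v1/connect-app HTTP/1.1" 200 812 "-" "python-requests/2.31"',
    '198.51.100.8 - - [10/Jan/2024:10:05:40 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 5120 "-" "post-smtp-exploit/1.0"',
    '192.0.2.99 - - [10/Jan/2024:10:07:03 +0000] "POST /wp-json/post-smtp/v1/connect-app HTTP/1.1" 403 199 "-" "curl/8.4.0"',
];

foreach (scan_log($sample) as $ip => $events) {
    echo "$ip\n";
    foreach ($events as $e) {
        echo '  ' . $e['time'] . ': ' . implode('; ', $e['why']) . "\n";
    }
}
```

Run it with `php scan_connect_app.php`, or replace `$sample` with `file('/var/log/nginx/access.log', FILE_IGNORE_NEW_LINES)` to scan a real log. A 403 on the connect-app path is what the .htaccess or nginx workaround above produces, so those entries are evidence the block is working rather than of a successful request; the 200 that follows a rejection from the same client is the second log indicator in the list and is worth reviewing first.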
