CVE-2025-12887
📋 TL;DR
The Post SMTP WordPress plugin has an authorization bypass vulnerability that allows authenticated attackers with subscriber-level access or higher to inject malicious OAuth credentials. This could enable attackers to compromise email sending capabilities. All WordPress sites using Post SMTP plugin versions up to 3.6.1 are affected.
💻 Affected Systems
- Post SMTP Mailer/Email Log
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could hijack email sending functionality to send phishing emails, spam, or malicious content from legitimate domains, damaging reputation and enabling further attacks.
Likely Case
Attackers with subscriber accounts inject invalid OAuth credentials, disrupting legitimate email sending functionality or gaining limited control over email operations.
If Mitigated
With proper access controls and monitoring, impact is limited to temporary service disruption rather than credential compromise.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once an attacker has subscriber-level credentials.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.6.2
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3402203
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find Post SMTP Mailer/Email Log.
4. Click 'Update Now' if available, or download version 3.6.2+ from the WordPress repository.
5. Activate the updated plugin.
🔧 Temporary Workarounds
Disable Post SMTP Plugin
Platform: linux. Temporarily disable the vulnerable plugin until patching is possible:
wp plugin deactivate post-smtp
Restrict User Registration
Platform: all. Disable new user registration to prevent attackers from creating subscriber accounts.
🧯 If You Can't Patch
- Disable the Post SMTP plugin entirely and use alternative email sending methods
- Implement strict access controls and monitor for unauthorized OAuth credential changes
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins → Post SMTP Mailer/Email Log version
Check Version:
wp plugin get post-smtp --field=version
Verify Fix Applied:
Confirm plugin version is 3.6.2 or higher in WordPress admin panel
📡 Detection & Monitoring
Log Indicators:
- Unauthorized POST requests to /wp-admin/admin-ajax.php with action=handle_gmail_oauth_redirect
- Failed OAuth authentication attempts from unexpected user accounts
- Changes to Post SMTP OAuth configuration from non-admin users
Network Indicators:
- Unusual API calls to Google OAuth endpoints from your WordPress instance
- Increased authentication requests to email services
SIEM Query:
source="wordpress" AND (uri_path="/wp-admin/admin-ajax.php" AND post_data LIKE "%handle_gmail_oauth_redirect%") AND user_role!="administrator"
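As an added example (not part of this advisory or of the Post SMTP project), the following Python script applies the log indicator above to constructed JSON-lines records and also compares the version string returned by `wp plugin get post-smtp --field=version` against the patched release, covering both the "How to Verify" and "Detection & Monitoring" sections. The record fields beyond those named in the SIEM query (ts, method, user_login, client_ip) are assumptions, not a real WordPress log format.

```python
import json
from urllib.parse import parse_qs

# Indicators taken from the advisory above.
AJAX_PATH = "/wp-admin/admin-ajax.php"
OAUTH_ACTION = "handle_gmail_oauth_redirect"
PATCHED_VERSION = (3, 6, 2)

# Constructed sample records (one JSON object per line). The field names
# mirror the SIEM query (uri_path, post_data, user_role) plus assumed
# ts/method/user_login/client_ip; this is not a real WordPress log format.
SAMPLE_LOG = """\
{"ts":"2025-11-10T09:12:01Z","method":"POST","uri_path":"/wp-admin/admin-ajax.php","post_data":"action=handle_gmail_oauth_redirect","user_login":"newsub","user_role":"subscriber","client_ip":"203.0.113.7"}
{"ts":"2025-11-10T09:12:05Z","method":"POST","uri_path":"/wp-admin/admin-ajax.php","post_data":"action=handle_gmail_oauth_redirect","user_login":"siteadmin","user_role":"administrator","client_ip":"198.51.100.2"}
{"ts":"2025-11-10T09:13:00Z","method":"POST","uri_path":"/wp-admin/admin-ajax.php","post_data":"action=heartbeat","user_login":"newsub","user_role":"subscriber","client_ip":"203.0.113.7"}
"""

def ajax_action(record):
    """Return the admin-ajax 'action' parameter from the POST body, or None."""
    return parse_qs(record.get("post_data", "")).get("action", [None])[0]

def is_oauth_injection_attempt(record):
    """True for a POST to admin-ajax.php carrying the OAuth redirect action
    from any account whose role is not administrator."""
    path = record.get("uri_path", "").split("?", 1)[0]
    return (record.get("method") == "POST" and path == AJAX_PATH
            and ajax_action(record) == OAUTH_ACTION
            and record.get("user_role") != "administrator")

def find_suspicious(log_text):
    """Parse JSON-lines records and keep those matching the indicator."""
    records = (json.loads(l) for l in log_text.splitlines() if l.strip())
    return [r for r in records if is_oauth_injection_attempt(r)]

def parse_version(text):
    """'3.6.2' -> (3, 6, 2), so versions compare numerically, not as strings."""
    return tuple(int(p) for p in text.strip().split("."))

def is_patched(version_text):
    """True when the installed Post SMTP version is 3.6.2 or higher."""
    return parse_version(version_text) >= PATCHED_VERSION

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['client_ip']} {hit['user_login']} "
              f"({hit['user_role']}) action={OAUTH_ACTION}")
    print("3.6.1 patched:", is_patched("3.6.1"), "| 3.6.2 patched:", is_patched("3.6.2"))
```

Feed the real version with `wp plugin get post-smtp --field=version | python3 -c 'import sys; print(is_patched(sys.stdin.read()))'` after importing the module, or adapt `find_suspicious` to whatever structured log your SIEM exports.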