What the vulnerability does
Description
Authentication Bypass Using an Alternate Path or Channel vulnerability in Saad Iqbal Post SMTP post-smtp allows Authentication Bypass. This issue affects Post SMTP: from n/a through <= 3.2.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
Post SMTP versions 3.2.0 and earlier contain an authentication bypass vulnerability. An attacker with low-level site access can read, modify, or delete sensitive data and configuration without proper authorization checks. The vulnerability affects the plugin's core functionality and requires only network access and valid user credentials to exploit.
What an attacker can do
Read, modify, or delete sensitive site data and plugin configuration with low-level user credentials.
Potential impact on your site
Low-privilege users can access and alter email settings, SMTP credentials, and other protected plugin data.
Conditions required to exploit
Attacker needs a low-privilege user account on the site; no user interaction required.