CVE-2026-6963 HIGH

CVE-2026-6963: WP Mail Gateway <= 1.8 - Missing Authorization to Authenticated (Subscriber+) SMTP Configuration Modification via 'wmg_save_provider_config' AJAX Action

Vendor: Shahariaazam
Product: WP Mail Gateway
Weakness: CWE-862 · Missing authorization
Published: May 2, 2026
Last update: May 4, 2026

CVSS base score

8.8/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

Description

The WP Mail Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wmg_save_provider_config AJAX action in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update SMTP settings and redirect mail, which can be used for privilege escalation by triggering a password reset email and using it to access an administrator's account.
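The root cause named above is a WordPress authorization pattern worth seeing in code. A callback hooked to `wp_ajax_{action}` runs for every logged-in user, Subscribers included, so the hook itself grants no authorization; the handler has to check a capability and a nonce before touching settings. The following is an added, illustrative example and is not the plugin's own source: only the action name `wmg_save_provider_config` comes from the advisory, while the function names, the option name `wmg_provider_config`, the field names and the nonce action are assumptions made for the illustration.

```php
<?php
/**
 * Illustrative vulnerable/hardened pair for a settings-saving AJAX action.
 * Added example, not code from the WP Mail Gateway plugin. Only the action
 * name 'wmg_save_provider_config' is taken from the advisory; everything else
 * (function names, option name, field names, nonce action) is assumed.
 */

// --- Vulnerable pattern (CWE-862): hooked to wp_ajax_*, which fires for any
// authenticated user, and the callback never asks who is calling. Any
// Subscriber can therefore overwrite the SMTP provider settings.
function wmg_example_save_provider_config_vulnerable() {
	$config = array(
		'host'     => sanitize_text_field( wp_unslash( $_POST['host'] ?? '' ) ),
		'port'     => absint( $_POST['port'] ?? 587 ),
		'username' => sanitize_text_field( wp_unslash( $_POST['username'] ?? '' ) ),
		'password' => (string) wp_unslash( $_POST['password'] ?? '' ),
	);
	update_option( 'wmg_provider_config', $config ); // assumed option name
	wp_send_json_success();
}
// Shown for contrast only; a plugin registers one handler per action, and the
// hardened function below is the one that should be hooked.
// add_action( 'wp_ajax_wmg_save_provider_config', 'wmg_example_save_provider_config_vulnerable' );

// --- Hardened pattern: nonce check first (rejects cross-site requests), then a
// capability check that only administrators pass. Denied attempts are logged so
// monitoring can alert on low-privilege accounts probing the settings endpoint.
function wmg_example_save_provider_config_hardened() {
	// Dies with HTTP 403 when the 'nonce' field is missing or invalid.
	check_ajax_referer( 'wmg_provider_config_nonce', 'nonce' ); // assumed nonce action/field

	if ( ! current_user_can( 'manage_options' ) ) {
		error_log( sprintf(
			'wmg: denied wmg_save_provider_config for user %d from %s',
			get_current_user_id(),
			sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ?? '' ) )
		) );
		wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
	}

	$config = array(
		'host'     => sanitize_text_field( wp_unslash( $_POST['host'] ?? '' ) ),
		'port'     => absint( $_POST['port'] ?? 587 ),
		'username' => sanitize_text_field( wp_unslash( $_POST['username'] ?? '' ) ),
		'password' => (string) wp_unslash( $_POST['password'] ?? '' ),
	);
	// autoload=false keeps SMTP credentials out of the options loaded on every request.
	update_option( 'wmg_provider_config', $config, false );
	wp_send_json_success();
}
add_action( 'wp_ajax_wmg_save_provider_config', 'wmg_example_save_provider_config_hardened' );
```

The client side of the hardened version passes the nonce created with `wp_create_nonce( 'wmg_provider_config_nonce' )` (for example via `wp_localize_script`) in the `nonce` field of the AJAX request. Note that the nonce alone does not fix this class of bug: a Subscriber who loads a page that exposes the nonce holds a valid one, which is why the `current_user_can( 'manage_options' )` check is the control that actually closes the advisory's issue.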

Explanation of Vulnerability in Simple Terms

Summary

WP Mail Gateway versions 1.8 and earlier lack proper authorization checks, allowing authenticated users with low privileges to read sensitive data, modify site content, or disrupt service. An attacker needs only a standard user account to exploit this vulnerability. Site administrators should update immediately to a version newer than 1.8.

What an attacker can do

Attacker Capabilities

Read sensitive data, modify content, or disrupt the site's mail gateway functionality.

Potential impact on your site

Site Impact

Any registered user can access or modify mail gateway settings and data intended for administrators only.

Conditions required to exploit

Prerequisites

Attacker must have a low-privilege user account on the WordPress site.

Key dates

Disclosure timeline

May 2, 2026: CVE published
May 4, 2026: Record updated
