[WordPress Security] Attackers Actively Exploiting Critical Vulnerability in Post SMTP Plugin


We urge users to update their sites with the latest patched version of this plugin as soon as possible.


On October 11th, 2025, we received a submission for an Account Takeover via Email Log Disclosure vulnerability in Post SMTP, a WordPress plugin with more than 400,000 active installations.

 

This vulnerability makes it possible for an unauthenticated attacker to view email logs, including password reset emails, and change the password of any user, including an administrator, which allows them to take over the account and the website.

 

Read The Full Post Here

 

We originally published this vulnerability on October 31st, 2025 and our records indicate that attackers started exploiting the issue the next day on November 1st, 2025. It appears mass exploitation started the following day, on November 2nd, 2025. The Wordfence Firewall has already blocked over 10,300 exploit attempts targeting this vulnerability.

 

Wordfence Premium, Wordfence Care, and Wordfence Response users received a firewall rule to protect against any exploits targeting this vulnerability on October 15, 2025. Sites using the free version of Wordfence received the same protection 30 days later on November 14, 2025.

 

Considering this vulnerability is under active attack, we urge users to ensure their sites are updated with the latest patched version of Post SMTP, version 3.6.1 at the time of this writing, as soon as possible.


 

🏆 Current Bug Bounty Promotions: 🏆

 

📁 The LFInder Challenge: Refine your LFI hunting skills with an expanded scope.
🔍 Now through November 24, 2025, all LFI vulnerabilities in software with at least 25 active installs are considered in-scope for all researchers, regardless of researcher tier, AND earn a 30% bonus on all Local File Inclusion vulnerability submissions not already increased by another promotion.

Read our guide on how to find LFI vulnerabilities to level up your skills for this promotion.

Join The Wordfence Bug Bounty Program today: Submit bold, Earn big! 🔥

 

Follow Wordfence On Social Media For The Latest WordPress Security Updates, Alerts, and Education

Did you know that we publish educational and informational WordPress security content almost daily on most of your favorite social media platforms?

Follow us on your platforms of choice and join us in r/wordfence – a new home for all things WordPress security related.

 


Defiant, Inc., 1700 Westlake Ave N STE 200 

Seattle, WA  98109 United States


You’re receiving this email because you signed up to the Wordfence WordPress security mailing list.
