{"id":1213,"date":"2025-11-19T18:12:19","date_gmt":"2025-11-19T18:12:19","guid":{"rendered":"https:\/\/1stattorneys.ng\/?p=1213"},"modified":"2026-01-09T06:01:02","modified_gmt":"2026-01-09T06:01:02","slug":"wordpress-security-attackers-actively-exploiting-critical","status":"publish","type":"post","link":"https:\/\/1stattorneys.ng\/?p=1213","title":{"rendered":"[WordPress Security] Attackers Actively Exploiting Critical"},"content":{"rendered":"

[WordPress Security] Attackers Actively Exploiting Critical Vuln=
erability in Post SMTP Plugin<\/p>\n

=20
=20
=20<\/p>\n

=20
=20
=20
=20
=20
@media only screen and (max-w=
idth:639px){img.stretch-on-mobile,.hs_rss_email_entries_table img,.hs-stret=
ch-cta .hs-cta-img{height:auto !important;width:100% !important}
.display_block_on_small_screens{display:block}.hs_padded{padding-left:20px =
!important;padding-right:20px !important}
.hs-hm,table.hs-hm{display:none}.hs-hd{display:block !important}table.hs-hd=
{display:table !important}
}@media only screen and (max-width:639px){.hse-border-m{border-left:0px sol=
id #008cc1 !important;border-right:0px solid #008cc1 !important;box-sizing:=
border-box}
.hse-border-bottom-m{border-bottom:0px solid #008cc1 !important}.hse-border=
-top-m{border-top:0px solid #008cc1 !important}
.hse-border-top-hm{border-top:none !important}.hse-border-bottom-hm{border-=
bottom:none !important}
}.moz-text-html .hse-column-container{max-width:600px !important;width:600p=
x !important}
.moz-text-html .hse-column{display:table-cell;vertical-align:top}.moz-text-=
html .hse-section .hse-size-4{max-width:200px !important;width:200px !impor=
tant}
.moz-text-html .hse-section .hse-size-8{max-width:400px !important;width:40=
0px !important}
.moz-text-html .hse-section .hse-size-12{max-width:600px !important;width:6=
00px !important}
@media only screen and (min-width:640px){.hse-column-container{max-width:60=
0px !important;width:600px !important}
.hse-column{display:table-cell;vertical-align:top}.hse-section .hse-size-4{=
max-width:200px !important;width:200px !important}
.hse-section .hse-size-8{max-width:400px !important;width:400px !important}=
.hse-section .hse-size-12{max-width:600px !important;width:600px !important=
}
}@media only screen and (max-width:639px){.hse-body-wrapper-td{padding-top:=
20px !important}
#section-0 .hse-column-container{background-color:#fff !important} }@media =
only screen and (max-width:639px){ #section-1 .hse-column-container{backgro=
und-color:#fff !important}
}@media only screen and (max-width:639px){ #section-2 .hse-column-container=
{background-color:#fff !important}
}@media screen and (max-width:639px){.social-network-cell{display:inline-bl=
ock} }
@media only screen and (max-width:639px){ #section_176167242849417 .hse-col=
umn-container{padding-top:0px !important;padding-bottom:0px !important}
#section_176167242849417 .hse-column-container{background-color:#fff !impor=
tant}
}@media only screen and (max-width:639px){ #section-3 .hse-column-container=
{background-color:#fff !important}
}@media only screen and (max-width:639px){ #section-4 .hse-column-container=
{background-color:#fff !important}
}@media only screen and (max-width:639px){ #section-5 .hse-column-container=
{background-color:#fff !important}
}@media only screen and (max-width:639px){ #section-6 .hse-column-container=
{background-color:#fff !important}
}@media only screen and (max-width:639px){ #section-7 .hse-column-container=
{background-color:#fff !important}
}@media only screen and (max-width:639px){.hse-body-wrapper-td{padding-bott=
om:20px !important}
#section-8 .hse-column-container{background-color:#fff !important} }#hs_body #hs_cos_wrapper_main a[x=
-apple-data-detectors]{color:inherit !important;text-decoration:none !impor=
tant;font-size:inherit !important;font-family:inherit !important;font-weigh=
t:inherit !important;line-height:inherit !important}
a{text-decoration:underline}p{margin:0}body{-ms-text-size-adjust:100%;-webk=
it-text-size-adjust:100%;-webkit-font-smoothing:antialiased;moz-osx-font-sm=
oothing:grayscale}
table{border-spacing:0;mso-table-lspace:0;mso-table-rspace:0}table,td{borde=
r-collapse:collapse}
img{-ms-interpolation-mode:bicubic}p,a,li,td,blockquote{mso-line-height-rul=
e:exactly}
.ShadowHTML p,.sh-modified-inline p{margin:0}<\/p>\n

We urge users to update their sites with the latest patched v=
ersion of this plugin as soon as possible.<\/div>\n

=20<\/p>\n

\n
\n
=20
=20\n
=20\n
\n
\n

<\/p>\n<\/div>\n<\/div>\n<\/div>\n

=20<\/p>\n<\/div>\n

=20
=20\n
=20\n
\n
\n

<\/p>\n<\/div>\n<\/div>\n<\/div>\n

=20<\/p>\n<\/div>\n

=20
=20\n
=20\n
\n
\n
\n

On October 11th, 2025, =
we received a submission for an Account Takeover via Email Log Disclosure vulnerability in\u00a0Post =
SMTP, a WordPress plugin with more than 400,000 active installations.<\/p>\n

\u00a0<\/p>\n

This vulnerability makes it possible for an u=
nauthenticated attacker to view email logs, including password reset emails=
, and change the password of any user, including an administrator, which al=
lows them to take over the account and the website.<\/p>\n

\u00a0<\/p>\n

Read The Full Post Here<\/p>\n

\u00a0<\/p>\n

We originally published this vulnerability on=
October 31st, 2025 and our records indicate that attackers started exploit=
ing the issue the next day on November 1st, 2025. It appears mass exploitation started the following day, on Novemb=
er 2nd, 2025. The Wordfence Firewall has already blocked over 10,300 exploi=
t attempts targeting this vulnerability.<\/p>\n

\u00a0<\/p>\n

Wordfence Premium,\u00a0Wo=
rdfence Care, and\u00a0Wordfence Response\u00a0users receive=
d a firewall rule to protect against any exploits targeting this vulnerabil=
ity on October 15, 2025. Sites using the free version of Wordfence received=
the same protection 30 days later on November 14, 2025.<\/p>\n

\u00a0<\/p>\n

Considering this vulnerabil=
ity is under active attack, we urge users to ensure their sites are updated=
with the latest patched version of Post SMTP, version 3.6.1 at the time of=
this writing,\u00a0as soon as possible.<\/p>\n<\/div>\n<\/div>\n

\n

READ THE FULL POST HERE<\/strong><\/p>\n<\/div>\n

\u00a0<\/div>\n
\n
\n

=F0=9F=8F=86 Current Bug Bounty=
Promotions: =F0=9F=8F=86\u00a0<\/p>\n

\u00a0<\/p>\n

=F0=9F=93=81 The LFInder Challenge: Refine your LFI hunting skills with an expanded scope.\u00a0
=F0=9F=94=8D Now through November 24, 2025, all LFI vulnerabilities in sof=
tware with at least 25 active installs are considered in-scope for all rese=
archers, regardless of researcher tier, AND earn a\u00a030% bonus o=
n all Local File Inclusion vulnerability submissions<\/strong>\u00a0not alre=
ady increased by another promotion.<\/strong><\/p>\n

Read our guide on how to find =
LFI vulnerabilities to level up your skills for this promotion.<\/p>\n

Join The Wordfence Bug Bounty Program today: Submit bold, Earn big! =F0=9F=94=A5<\/p>\n<\/div>\n

\u00a0<\/div>\n<\/div>\n<\/div>\n

=20<\/p>\n<\/div>\n

=20
=20\n
=20\n
\n
\n
Follow Wordfence On Social Media =
For The Latest WordPress Security Updates, Alerts, and Education\u00a0=<\/div>\n<\/div>\n
\n

<\/p>\n

<\/p>\n

<\/p>\n

<\/p>\n

<\/p>\n

<\/p>\n

<\/p>\n<\/div>\n

\n
\n

Did you know that we publish educational and informational WordP=
ress security\u00a0content almost daily on most of your favorite soc=
ial media platforms?<\/p>\n

Follow us =
on your platforms of choice and join us\u00a0in r\/wordfence – a new home for all things WordPress security related.<\/p>\n<\/div>\n<\/div>\n

\u00a0<\/div>\n<\/div>\n<\/div>\n

=20<\/p>\n<\/div>\n

=20
=20\n
=20\n
\n
\n
The Full Product Lineup<\/div>\n<\/div>\n<\/div>\n

=20<\/p>\n<\/div>\n

=20
=20\n
=20\n
\n
\n

<\/p>\n<\/div>\n<\/div>\n

\n
\n

<\/p>\n<\/div>\n<\/div>\n

\n
\n

<\/p>\n<\/div>\n<\/div>\n<\/div>\n

=20<\/p>\n<\/div>\n

=20
=20\n
=20\n
\n
\n

<\/p>\n<\/div>\n<\/div>\n

\n
\n

<\/p>\n<\/div>\n<\/div>\n

\n
\n

<\/p>\n<\/div>\n<\/div>\n<\/div>\n

=20<\/p>\n<\/div>\n

=20
=20\n
=20\n
\n
\u00a0<\/div>\n<\/div>\n<\/div>\n

=20<\/p>\n<\/div>\n

=20
=20\n
=20\n
\n
\n

<\/p>\n<\/div>\n

\n

Defiant, Inc., 1700 Westlake Ave N STE 200\u00a0<\/p>\n

Seattle, WA \u00a098109\u00a0United States<\/p>\n

Unsubscribe Manage Preferences<\/p>\n<\/div>\n<\/div>\n

\n
\n

<\/p>\n<\/div>\n<\/div>\n<\/div>\n

=20<\/p>\n<\/div>\n

=20
=20\n
=20\n
\n
\n
\n

You’re receiving this email because you signed up to the Wordfe=
nce WordPress security mailing list.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n

=20<\/p>\n<\/div>\n<\/div>\n<\/div>\n

=20
<\/p>\n<\/div>\n<\/div>\n\n

[flipbook]<\/p>\n","protected":false},"excerpt":{"rendered":"

[WordPress Security] Attackers Actively Exploiting Critical Vuln=erability in Post SMTP Plugin =20=20=20 =20=20=20=20=20@media only screen and (max-w=idth:639px){img.stretch-on-mobile,.hs_rss_email_entries_table img,.hs-stret=ch-cta .hs-cta-img{height:auto !important;width:100% !important}.display_block_on_small_screens{display:block}.hs_padded{padding-left:20px =!important;padding-right:20px !important}.hs-hm,table.hs-hm{display:none}.hs-hd{display:block !important}table.hs-hd={display:table !important}}@media only screen and (max-width:639px){.hse-border-m{border-left:0px sol=id #008cc1 !important;border-right:0px solid #008cc1 !important;box-sizing:=border-box}.hse-border-bottom-m{border-bottom:0px solid #008cc1 !important}.hse-border=-top-m{border-top:0px solid #008cc1 !important}.hse-border-top-hm{border-top:none !important}.hse-border-bottom-hm{border-=bottom:none !important}}.moz-text-html .hse-column-container{max-width:600px !important;width:600p=x !important}.moz-text-html .hse-column{display:table-cell;vertical-align:top}.moz-text-=html .hse-section .hse-size-4{max-width:200px !important;width:200px !impor=tant}.moz-text-html .hse-section .hse-size-8{max-width:400px !important;width:40=0px !important}.moz-text-html […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1213","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/1stattorneys.ng\/index.php?rest_route=\/wp\/v2\/posts\/1213","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/1stattorneys.ng\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/1stattorneys.ng\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/1stattorneys.ng\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/1stattorneys.ng\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1213"}],"version-history":[{"count":4,"href":"https:\/\/1stattorneys.ng\/index.php?rest_route=\/wp\/v2\/posts\/1213\/revisions"}],"predecessor-version":[{"id":1242,"href":"https:\/\/1stattorneys.ng\/index.php?rest_route=\/wp\/v2\/posts\/1213\/revisions\/1242"}],"wp:attachment":[{"href":"https:\/\/1stattorneys.ng\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1213"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/1stattorneys.ng\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1213"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/1stattorneys.ng\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1213"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}