CVE-2025-11833 (CVSS 9.8): Critical Flaw Exposes 400,000 WordPress Sites to Unauthenticated Account Takeover Urgent patch for Post SMTP plugin. A CVSS 9.8 flaw lets unauthenticated attackers read email logs and steal password reset links to take over accounts.

#Wordpress: CVE-2025-11833 (CVSS 9.8) Critical Flaw in #PostSMTP Plugin Exposes 400,000+ WordPress Sites to Unauthenticated Account Takeover:
👇

ITちゃんねる SAML2.0認証「Node-SAML」、WordPressプラグイン「Post SMTP」など脆弱性修正アップデート – JPCERT/CCレポート #NodeSAML #PostSMTP #ITニュース

SAML2.0認証「Node-SAML」、WordPressプラグイン「Post SMTP」など脆弱性修正アップデート – JPCERT/CCレポート
#NodeSAML #PostSMTP #ITニュース

Post SMTP Plugin Flaw Allowed Subscribers to Take Over Admin Accounts Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

A now-patched flaw in the #PostSMTP WordPress plugin let Subscriber-level users take over Admin accounts by accessing email logs like password reset links. Update to stay safe.

🔗 hackread.com/post-smtp-pl...

#CyberSecurity #WordPress #Vulnerability #Plugin #Privacy

Allianz Life colpita da breach dati, Post SMTP espone 200.000 siti a hijacking nel 2025.

#AllianzLife #databreach #hijacking #PostSMTP #SocialEngineering #Wordpress
www.matricedigitale.it/2025/07/27/a...