Start your free trial today.

Protect your organization with cutting-edge cybersecurity solutions designed for resilience and efficiency. Secure your digital assets with confidence.

Your Shield Against Threats

Unleash the Power of Cybersecurity

Boost Your Security, Enhance Your Business

We solve Your Cyber Challenges

Quick Links

Resources

Deepaegis Portals

Vulnerability Advisory : Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.0 - Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure with LOW Attack Complexity

Summary

The Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the __construct function in all versions up to, and including, 3.6.0. This makes it possible for unauthenticated attackers to read arbitrary logged emails sent through the Post SMTP plugin, including password reset emails containing password reset links, which can lead to account takeover.

Impact Assessment

Timeline

Published

November 1, 2025

Last Modified

November 1, 2025

Related Advisories