CVE-2023-6875: CWE-639 Authorization Bypass Through User-Controlled Key in wpexpertsio POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications
The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to the mailer and view logs, including password reset emails, allowing site takeover.
AI Analysis
Technical Summary
CVE-2023-6875 is a critical security vulnerability affecting the POST SMTP Mailer plugin for WordPress, developed by wpexpertsio. This plugin is widely used for advanced email logging, delivery failure notifications, and SMTP mail delivery within WordPress environments. The vulnerability arises from a type juggling issue in the connect-app REST endpoint, which is present in all versions up to and including 2.8.7. Specifically, the flaw allows unauthorized attackers to bypass authorization controls by manipulating a user-controlled key parameter. This leads to unauthorized access and modification of sensitive data. An attacker can reset the API key used for authenticating to the mailer service, thereby gaining the ability to view email logs. These logs may contain highly sensitive information such as password reset emails, which can be leveraged to take over the affected WordPress site. The vulnerability is classified under CWE-639 (Authorization Bypass Through User-Controlled Key) and CWE-862 (Missing Authorization). The CVSS v3.1 base score is 9.8, indicating a critical severity with network attack vector, no required privileges, no user interaction, and full confidentiality, integrity, and availability impacts. Although no known exploits are currently reported in the wild, the ease of exploitation and the potential impact make this a high-risk threat for WordPress sites using this plugin. The vulnerability affects all versions of the plugin up to 2.8.7, and no official patch links are provided in the data, suggesting that immediate mitigation steps are necessary to protect affected systems.
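The advisory names the bug class (a type-juggling authorization check on a user-controlled key) but not the plugin's code. The following PHP snippet is an added illustration, not the plugin's own code or the patch: it shows the shape of a loose-comparison key check beside the strict form a reviewer would expect, and runs the two against constructed inputs. The function names, the stored key and the candidate values are all assumptions made for the example.

```php
<?php
// Added illustration of the bug class named in the advisory (a type-juggling
// authorization check) and of its hardened form. This is NOT the plugin's
// code; the function names, the stored key and the inputs are assumptions.

// Loose comparison: PHP's == coerces operand types before comparing.
// Before PHP 8, a non-numeric string compared with the integer 0 is
// converted to 0, so 0 == "k7Qm..." is true; on every PHP version a
// boolean true compared with any non-empty string is true. A check of this
// shape can therefore be satisfied by a JSON value that is not the key.
function weak_key_check($supplied, string $stored_key): bool {
    return $supplied == $stored_key;   // defect: loose comparison
}

// Hardened form: require a non-empty string, then compare with
// hash_equals(), which is strict about types and runs in constant time.
function strict_key_check($supplied, string $stored_key): bool {
    if (!is_string($supplied) || $supplied === '') {
        return false;
    }
    return hash_equals($stored_key, $supplied);
}

// Constructed stored key, standing in for whatever a plugin persists.
$stored = 'k7Qm2XvP9sLz4RtW';

// Values a decoded JSON request body might carry. Only the first is the key.
$candidates = [
    'real key'     => 'k7Qm2XvP9sLz4RtW',
    'boolean true' => true,
    'integer 0'    => 0,
    'wrong string' => 'not-the-key',
];

foreach ($candidates as $label => $value) {
    printf("%-13s weak=%-5s strict=%s\n", $label,
        var_export(weak_key_check($value, $stored), true),
        var_export(strict_key_check($value, $stored), true));
}
// PHP 7.x: 'boolean true' and 'integer 0' both pass the weak check.
// PHP 8.x: 'boolean true' still passes the weak check.
// strict_key_check() passes only 'real key' on every PHP version.
```

When auditing a plugin for this class of issue, the thing to look for is any `==` (or `switch`, which also compares loosely) between a request-supplied value and a stored secret; `in_array()` without its third argument has the same problem. The fix is always the same: type-check the input, then use `hash_equals()`.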
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially for those relying on WordPress for their web presence and using the POST SMTP Mailer plugin. Successful exploitation can lead to unauthorized disclosure of sensitive email content, including password reset emails, which can facilitate full site takeover. This compromises the confidentiality and integrity of organizational data and can disrupt availability by allowing attackers to modify or disable email delivery functions. The breach of email logs could also expose personal data of customers or employees, potentially triggering GDPR compliance issues and resulting in legal and financial penalties. Organizations in sectors such as e-commerce, finance, healthcare, and government, which often use WordPress for public-facing websites and internal portals, are particularly vulnerable. The ability to reset API keys without authentication increases the attack surface and lowers the barrier for attackers, including automated scanning and exploitation attempts. This vulnerability could also be leveraged as a foothold for further lateral movement within an organization's network, escalating the overall security risk.
Mitigation Recommendations
1. Immediate action should be to update the POST SMTP Mailer plugin to a version that addresses this vulnerability once available. If no patch is currently released, temporarily disabling the plugin or restricting access to the connect-app REST endpoint via web application firewall (WAF) rules or IP whitelisting is recommended.
2. Implement strict access controls on the WordPress REST API endpoints, ensuring that only authenticated and authorized users can interact with sensitive plugin endpoints.
3. Monitor web server and WordPress logs for unusual POST requests to the connect-app endpoint, which may indicate exploitation attempts.
4. Conduct a thorough audit of email logs and reset API keys manually to prevent unauthorized access.
5. Employ multi-factor authentication (MFA) on WordPress admin accounts to reduce the risk of site takeover even if email credentials are compromised.
6. Educate site administrators about the risks of this vulnerability and encourage prompt application of security updates.
7. Consider deploying runtime application self-protection (RASP) or endpoint detection and response (EDR) solutions to detect and block exploitation attempts in real time.
8. Review and tighten overall WordPress security posture, including limiting plugin usage to trusted and actively maintained plugins.
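Recommendation 3 asks for monitoring of POST requests to the connect-app endpoint. The script below is an added example, not part of the advisory: it parses Apache/nginx combined-format access log lines, keeps POST requests whose path lies under `/wp-json/` and contains `connect-app`, and counts them per client address. The advisory does not give the full REST route, so the `example-ns/v1` namespace in the constructed sample lines is a placeholder and the matcher deliberately keys only on the `connect-app` segment; the client addresses are RFC 5737 documentation ranges.

```php
<?php
// Added example (not from the advisory or the plugin): count POST requests
// to the connect-app REST endpoint per source address from access log lines.
// Route namespace in the sample data is a placeholder; the matcher only
// requires "connect-app" somewhere under /wp-json/.

const COMBINED_LOG_RE =
    '/^(?<ip>\S+) \S+ \S+ \[(?<time>[^\]]+)\] "(?<method>[A-Z]+) (?<path>\S+) [^"]*" (?<status>\d{3}) \S+/';

// Parse one combined-format line into its fields, or null if it does not match.
function parse_log_line(string $line): ?array {
    if (!preg_match(COMBINED_LOG_RE, $line, $m)) {
        return null;
    }
    return [
        'ip'     => $m['ip'],
        'time'   => $m['time'],
        'method' => $m['method'],
        'path'   => $m['path'],
        'status' => (int) $m['status'],
    ];
}

// True for a POST to a REST route under /wp-json/ whose path names connect-app.
function is_connect_app_post(array $entry): bool {
    return $entry['method'] === 'POST'
        && strpos($entry['path'], '/wp-json/') !== false
        && strpos($entry['path'], 'connect-app') !== false;
}

// Returns [ip => count] for matching requests, highest count first.
function count_connect_app_posts(array $lines): array {
    $hits = [];
    foreach ($lines as $line) {
        $entry = parse_log_line($line);
        if ($entry !== null && is_connect_app_post($entry)) {
            $hits[$entry['ip']] = ($hits[$entry['ip']] ?? 0) + 1;
        }
    }
    arsort($hits);
    return $hits;
}

// Constructed sample lines (placeholder route namespace, RFC 5737 addresses).
$sample = [
    '203.0.113.7 - - [10/Jan/2024:10:02:11 +0000] "POST /wp-json/example-ns/v1/connect-app HTTP/1.1" 200 312 "-" "curl/8.4.0"',
    '203.0.113.7 - - [10/Jan/2024:10:02:12 +0000] "POST /wp-json/example-ns/v1/connect-app HTTP/1.1" 200 312 "-" "curl/8.4.0"',
    '198.51.100.4 - - [10/Jan/2024:10:05:40 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Jan/2024:10:05:41 +0000] "POST /wp-json/example-ns/v1/connect-app HTTP/1.1" 403 98 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Jan/2024:10:06:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    'this line is not an access log record',
];

$counts = count_connect_app_posts($sample);
foreach ($counts as $ip => $n) {
    printf("%-15s %d POST(s) to connect-app\n", $ip, $n);
}
// Expected: 203.0.113.7 with 2, 198.51.100.4 with 1; the GET, the login POST
// and the malformed line are ignored.
```

On a live system, feed the script the output of `tail -F` on the access log or run it over a rotated file; any unauthenticated source making repeated POSTs to this endpoint is worth investigating, and the 403 in the sample shows what the same request looks like once a WAF or access rule from recommendation 1 is in place.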
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Sweden, Belgium, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2023-12-15T18:36:38.930Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 683f034b182aa0cae27e6655
Added to database: 6/3/2025, 2:14:35 PM
Last enriched: 7/4/2025, 1:40:43 PM
Last updated: 8/17/2025, 1:55:16 PM