CVE-2025-12887: CWE-862 Missing Authorization in saadiqbal Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App
The Post SMTP plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.1. This is due to the plugin not properly verifying that a user is authorized to update OAuth tokens on the 'handle_gmail_oauth_redirect' function. This makes it possible for authenticated attackers, with subscriber level access and above, to inject invalid or attacker-controlled OAuth credentials.
AI Analysis
Technical Summary
The Post SMTP plugin for WordPress, widely used to manage SMTP email sending with features like logs, alerts, backup SMTP, and mobile app integration, suffers from an authorization bypass vulnerability identified as CVE-2025-12887. The root cause lies in the 'handle_gmail_oauth_redirect' function, which fails to properly verify that a user is authorized to update OAuth tokens. This improper authorization check allows any authenticated user with subscriber-level privileges or higher to inject invalid or attacker-controlled OAuth credentials. Since OAuth tokens are critical for authenticating SMTP connections, maliciously injected tokens can disrupt legitimate email sending or be leveraged for further attacks such as phishing or spam distribution. The vulnerability affects all versions up to and including 3.6.1 of the plugin. According to the CVSS 3.1 vector, the attack can be performed remotely over the network (AV:N) with low attack complexity (AC:L) and requires only low privileges (PR:L) but no user interaction (UI:N). The impact is limited to integrity and availability, as confidentiality is not affected. No patches were linked at the time of disclosure, and no known exploits have been observed in the wild. The vulnerability is categorized under CWE-862 (Missing Authorization), emphasizing the failure to enforce proper access controls. The flaw is particularly concerning for WordPress sites that rely on Gmail OAuth for SMTP, as compromised tokens can undermine email reliability and trust.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to the integrity and availability of their email infrastructure. Organizations using the Post SMTP plugin with Gmail OAuth integration may experience unauthorized modification of OAuth tokens, leading to email delivery failures, disruption of automated notifications, or potential misuse of SMTP services for malicious purposes such as spam or phishing campaigns. Although the vulnerability does not directly expose sensitive data, the disruption of email services can impact business operations, customer communications, and incident response capabilities. The requirement for authenticated access at subscriber level or above means that attackers must first compromise or have legitimate access to low-privileged accounts, which can be common in large organizations with many users. This increases the attack surface, especially in environments with weak account management or insufficient monitoring. The absence of known exploits reduces immediate risk but does not eliminate the potential for future exploitation. Given the widespread use of WordPress and Gmail services in Europe, the threat could affect a broad range of sectors including government, finance, healthcare, and e-commerce.
Mitigation Recommendations
1. Monitor for plugin updates from the vendor and apply patches promptly once available to address the authorization bypass.
2. Until a patch is released, restrict subscriber-level user capabilities to the minimum necessary, especially removing or limiting access to functions that can update OAuth tokens.
3. Implement strict user account management policies, including regular review and removal of unnecessary subscriber accounts.
4. Enable logging and alerting on OAuth token changes within the WordPress environment and SMTP configurations to detect unauthorized modifications.
5. Consider deploying Web Application Firewalls (WAF) with custom rules to detect and block suspicious requests targeting the 'handle_gmail_oauth_redirect' endpoint.
6. Educate administrators and users about the risks of low-privilege account compromise and enforce strong authentication mechanisms such as MFA.
7. Regularly audit SMTP configurations and OAuth token usage to ensure integrity and detect anomalies.
8. If feasible, temporarily disable Gmail OAuth integration in the plugin until the vulnerability is remediated, or switch to alternative secure SMTP solutions.
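The following added example is not code from the Post SMTP plugin (whose source is not shown on this page) and is not the vendor's fix; it is a hypothetical WordPress OAuth redirect handler that illustrates the CWE-862 pattern described in the Technical Summary beside a hardened form that applies mitigations 2 and 4 above. Every identifier (the `hypo_` functions, the `hypo_gmail_oauth_token` option, the `hypo_oauth` query flag, the admin page slug) is an assumption chosen for the illustration.

```php
<?php
/*
 * Added example, not the Post SMTP plugin's code. All names prefixed
 * "hypo_" are hypothetical. The vulnerable handler stores whatever token
 * results from the redirect for any logged-in user; the hardened handler
 * requires the same capability that protects plugin settings, binds the
 * redirect to the administrator who started the flow via a single-use
 * state value, and records every token change for detection.
 */

const HYPO_TOKEN_OPTION = 'hypo_gmail_oauth_token';

/* Hypothetical exchange of the authorization code for tokens. A real
 * implementation would call the provider's token endpoint (e.g. with
 * wp_remote_post) and validate the response; that is out of scope here. */
function hypo_exchange_code_for_token( $code ) {
    return array( 'access_token' => 'exchanged-for-' . $code, 'issued' => time() );
}

/* --- Vulnerable pattern (CWE-862): no authorization or state check. --- */
function hypo_handle_oauth_redirect_vulnerable() {
    if ( ! isset( $_GET['hypo_oauth'], $_GET['code'] ) ) {
        return;
    }
    // Any authenticated user reaching admin_init can overwrite the token.
    $code = sanitize_text_field( wp_unslash( $_GET['code'] ) );
    update_option( HYPO_TOKEN_OPTION, hypo_exchange_code_for_token( $code ) );
}

/* --- Hardened pattern. --- */

/* Called when an administrator clicks "Connect": issues a random state value
 * tied to this user that the provider must echo back on the redirect. */
function hypo_start_oauth_flow() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    $state = wp_generate_password( 32, false );
    set_transient( 'hypo_oauth_state_' . get_current_user_id(), $state, 10 * MINUTE_IN_SECONDS );
    return $state; // appended to the provider's authorize URL by the caller
}

function hypo_handle_oauth_redirect_hardened() {
    if ( ! isset( $_GET['hypo_oauth'], $_GET['code'], $_GET['state'] ) ) {
        return;
    }
    // 1. Authorization: only users allowed to change plugin settings may
    //    change the token (mitigation 2 above).
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // 2. The state must match the one issued to this user and is consumed
    //    on use, so a forged or replayed redirect cannot store a token.
    $user_id  = get_current_user_id();
    $expected = get_transient( 'hypo_oauth_state_' . $user_id );
    $given    = sanitize_text_field( wp_unslash( $_GET['state'] ) );
    if ( ! $expected || ! hash_equals( $expected, $given ) ) {
        wp_die( 'Invalid OAuth state.', '', array( 'response' => 400 ) );
    }
    delete_transient( 'hypo_oauth_state_' . $user_id );

    $code = sanitize_text_field( wp_unslash( $_GET['code'] ) );
    update_option( HYPO_TOKEN_OPTION, hypo_exchange_code_for_token( $code ) );
    wp_safe_redirect( admin_url( 'options-general.php?page=hypo-smtp&oauth=done' ) );
    exit;
}
add_action( 'admin_init', 'hypo_handle_oauth_redirect_hardened' );

/* --- Detection (mitigation 4): log who changed the token and from where.
 *     WordPress fires update_option_{$option} after any change to the option,
 *     so this also catches writes made by other code paths. --- */
add_action( 'update_option_' . HYPO_TOKEN_OPTION, function ( $old_value, $value ) {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    error_log( sprintf( '[hypo-smtp] OAuth token changed by user %d from %s',
        get_current_user_id(), $ip ) );
}, 10, 2 );
```

The capability check alone closes the missing-authorization gap; the state check is the standard OAuth redirect protection and is included because a redirect handler without it can still be driven by a link an administrator is tricked into opening. The `update_option_` hook gives the token-change audit trail that recommendation 4 asks for, independent of which handler performed the write.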
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: Wordfence
- Date Reserved: 2025-11-07T17:28:03.418Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69302ef1720cedca7945237d
Added to database: 12/3/2025, 12:37:05 PM
Last enriched: 12/10/2025, 1:44:44 PM
Last updated: 1/19/2026, 1:45:37 PM