CVE-2025-12887 is a medium-severity authorization bypass vulnerability affecting the Post SMTP plugin for WordPress, versions up to and including 3.6.1. The root cause is the plugin's failure to properly verify that a user is authorized to update OAuth tokens within the 'handle_gmail_oauth_redirect' function. This flaw allows any authenticated user with subscriber-level privileges or higher to inject invalid or attacker-controlled OAuth credentials. Since WordPress subscriber roles typically have limited capabilities, this vulnerability significantly lowers the bar for exploitation compared to requiring administrator privileges. The injected OAuth credentials could be used to disrupt legitimate email sending, cause denial of service, or potentially facilitate further attacks by manipulating SMTP authentication flows. The vulnerability is network exploitable (AV:N), requires low privileges (PR:L), does not require user interaction (UI:N), and affects the integrity and availability of the email system (I:L, A:L), resulting in a CVSS 3.1 base score of 5.4. No patches or exploits are currently publicly available, but the vulnerability is published and should be addressed promptly. The plugin is widely used in WordPress environments for SMTP email delivery, making this a relevant threat for many organizations relying on WordPress for web presence and communications.

The primary impact of this vulnerability is on the integrity and availability of email services managed through the Post SMTP plugin. Attackers with subscriber-level access can inject malicious OAuth tokens, potentially disrupting email delivery or redirecting emails through attacker-controlled accounts. This can lead to denial of service for legitimate email communications, loss of trust in email authenticity, and potential escalation paths if attackers leverage the compromised OAuth tokens for further access. Organizations relying on this plugin for critical email functions may experience operational disruptions. Additionally, the ease of exploitation by low-privilege users increases the risk of insider threats or compromised low-level accounts being leveraged to cause damage. Although confidentiality is not directly impacted, the manipulation of OAuth credentials could indirectly facilitate phishing or social engineering attacks if attackers control outbound email flows. The lack of known exploits in the wild reduces immediate risk but does not eliminate the potential for future exploitation.

To mitigate this vulnerability, organizations should immediately upgrade the Post SMTP plugin to a patched version once available. In the absence of a patch, restrict subscriber-level user permissions to the minimum necessary and audit existing users for suspicious accounts. Implement strict role-based access controls to prevent unauthorized users from accessing or modifying OAuth token settings. Monitor logs for unusual changes to OAuth credentials or SMTP configurations. Consider disabling the plugin temporarily if email delivery can be managed through alternative secure methods. Employ multi-factor authentication (MFA) for all WordPress accounts to reduce the risk of account compromise. Additionally, review and harden OAuth token management workflows and validate all token updates server-side to ensure proper authorization. Regularly back up WordPress configurations and email settings to enable quick recovery if exploitation occurs.