Critical severity 9.8 · NVD Advisory · Published Jun 7, 2023 · Updated Apr 8, 2026
CVE-2019-25141
Description
The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9. This is due to missing capability checks on the admin_init() function, in addition to insufficient input validation. This makes it possible for unauthenticated attackers to modify the plugin's settings and arbitrary options on the site, which can be used to inject new administrative user accounts.
Affected products (2)
- Range: <=1.3.9
References (4)
- plugins.trac.wordpress.org/changeset (nvd: Patch)
- blog.nintechnet.com/critical-0day-vulnerability-fixed-in-wordpress-easy-wp-smtp-plugin/ (nvd: Exploit)
- wordpress.org/support/topic/vulnerability-26/ (nvd: Exploit, Issue Tracking, Mitigation)
- www.wordfence.com/threat-intel/vulnerabilities/id/84b75f7d-7258-46f6-aee6-b96d70bee264 (nvd: Broken Link, Third Party Advisory)