CVE-2025-23423
No known patch is available for this vulnerability.
The affected plugin has been removed from the WordPress.org directory (reason: Security Issue), and no patched version is being distributed through the official directory. If you have the affected software installed, you should uninstall or replace it rather than wait for an update.
Description
Missing authorization in SendGrid for WordPress plugin (<=1.4) allows attackers to exploit misconfigured access controls; plugin removed with no fix.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing authorization in SendGrid for WordPress plugin (<=1.4) allows attackers to exploit misconfigured access controls; plugin removed with no fix.
Vulnerability
The SendGrid for WordPress plugin (wp-sendgrid-mailer) versions up to and including 1.4 contain a missing authorization vulnerability. The plugin fails to properly enforce access control checks on certain functionality, allowing exploitation of incorrectly configured access control security levels. This affects all installations using the plugin up to version 1.4. [1]
Exploitation
An attacker with network access to a WordPress site running the vulnerable plugin can exploit the missing authorization by sending crafted requests to endpoints that lack proper capability checks. No authentication is required if the vulnerable endpoints are exposed to unauthenticated users, or low-privileged users can escalate. The exact attack vector is not detailed in available references, but the vulnerability class indicates that the attacker can bypass intended access restrictions. [1]
Impact
Successful exploitation allows an attacker to perform unauthorized actions within the plugin's context, potentially including sending emails via the configured SendGrid API, accessing sensitive configuration data, or modifying settings. The impact is limited to the plugin's functionality, but could lead to information disclosure or abuse of email sending capabilities. [1]
Mitigation
No patched version exists. The plugin was closed and removed from the WordPress.org plugin directory on October 16, 2024 due to a security issue. Users are advised to uninstall the plugin immediately and replace it with an alternative SendGrid integration that is actively maintained. [1]
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <=1.4
- Range: <=1.4
Patches
0wp-sendgrid-mailerThis plugin has been removed from the WordPress.org directory on 2024-10-16 (reason: Security Issue). No patched version is being distributed through the official directory. Users who have it installed should uninstall it.
Source: api.wordpress.org · directory page
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.