CVE-2025-54011
Description
Missing Authorization vulnerability in SMTP2GO SMTP2GO smtp2go allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SMTP2GO: from n/a through <= 1.12.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The SMTP2GO WordPress plugin through 1.12.1 has a missing authorization vulnerability allowing unprivileged users to access higher-privileged actions.
Vulnerability Overview
The SMTP2GO WordPress plugin versions up to and including 1.12.1 are affected by a missing authorization vulnerability. This is a broken access control issue that stems from incorrect configuration of access control security levels, potentially allowing unprivileged users to execute certain higher-privileged actions [1].
Exploitation Context
Attackers can exploit this flaw without requiring authentication or proper cross-site request forgery checks, making it possible to target thousands of websites in mass-exploit campaigns. The vulnerability does not depend on the site's traffic size or popularity, increasing the potential attack surface [1].
Impact and Mitigation
The vulnerability has a CVSS v3 severity of 4.3 (Medium). While the risk is rated low severity, the missing authorization can lead to privilege escalation within the plugin's functionality. The patch is available in version 1.12.2 or later, and users are strongly recommended to update immediately. For those unable to update, seeking assistance from a hosting provider or web developer is advised [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: <=1.12.1
- (no CPE) range: <=1.12.1
Patches
No patches discovered yet.
References