Ultimate WP Mail Privilege Escalation Vulnerability in WordPress

Vulnerability

A privilege escalation vulnerability has been identified in the Ultimate WP Mail plugin for WordPress, affecting versions 1.0.17 through 1.3.6. The flaw is an authorization bypass in the 'get_email_log_details()' AJAX handler: the handler returns the stored content of a logged email for a client-supplied post ID after checking only the 'edit_posts' capability, which Contributor-level users already hold, and never verifies that the requester owns the log entry or is an administrator. Because the plugin records outgoing mail in its log, an authenticated user with Contributor-level access or above can request the log entry for an administrator's password reset email and read the reset link it contains.
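To make the authorization gap concrete, the following is an added illustration of the pattern described above, not the plugin's actual source (which this page does not reproduce). It shows an AJAX handler that hands back a log entry for a client-supplied post ID behind nothing but an 'edit_posts' check, beside a hardened version. The function names, the 'uwm_email_log' post type, the 'uwm_log' nonce action and the hook names are assumed for illustration; the WordPress core functions used ('current_user_can', 'check_ajax_referer', 'get_post', 'wp_send_json_*') are real.

```php
<?php
// Added illustrative example, not the Ultimate WP Mail plugin's own code.
// Relies on WordPress core functions; hook, nonce and post type names are assumed.

// --- Vulnerable pattern -----------------------------------------------------
// Any user with edit_posts (Contributor and above) can fetch any stored email
// log entry, including the body of an administrator's password reset email.
function uwm_vulnerable_get_email_log_details() {
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( 'Unauthorized', 403 );
    }
    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    $log     = get_post( $post_id ); // no post-type, ownership or role check
    wp_send_json_success( array(
        'subject' => $log ? $log->post_title   : '',
        'body'    => $log ? $log->post_content : '', // carries the reset link
    ) );
}
add_action( 'wp_ajax_uwm_get_email_log_details_vuln', 'uwm_vulnerable_get_email_log_details' );

// --- Hardened pattern -------------------------------------------------------
// Nonce check against CSRF, admin-only capability, and a post-type check so the
// handler cannot be pointed at arbitrary posts.
function uwm_hardened_get_email_log_details() {
    check_ajax_referer( 'uwm_log', 'nonce' ); // assumed nonce action; dies on failure
    if ( ! current_user_can( 'manage_options' ) ) { // email logs are admin-only data
        wp_send_json_error( 'Unauthorized', 403 );
    }
    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    $log     = get_post( $post_id );
    if ( ! $log || 'uwm_email_log' !== $log->post_type ) { // assumed log post type
        wp_send_json_error( 'Not found', 404 );
    }
    wp_send_json_success( array(
        'subject' => esc_html( $log->post_title ),
        'body'    => wp_kses_post( $log->post_content ),
    ) );
}
add_action( 'wp_ajax_uwm_get_email_log_details', 'uwm_hardened_get_email_log_details' );
```

The difference that matters is the capability: 'edit_posts' is granted to Contributors, so it is not an authorization boundary for data only administrators should see. If a plugin legitimately needs non-admins to see their own log entries, the handler must additionally compare the entry's owner (for example 'post_author') to 'get_current_user_id()' rather than relying on a capability alone.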

Impact

Exploitation of this vulnerability allows authenticated users with Contributor-level access and above to read an administrator's password reset link from the email log, use it to set a new password for that account, and thereby escalate their privileges to those of an administrator.

Remediation

Update to version 1.3.7 or a later patched release. Until the update is applied, any password reset links recorded in the plugin's email log should be treated as readable by every user with Contributor-level access or above.

Added: Jul 16, 2025, 10:29 AM
Updated: Jul 16, 2025, 10:29 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 5.9
remediation: 7.7
relevance: 0.2
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.