SMTP2GO
cpe:2.3:a:smtp2go:smtp2go:*:*:*:*:wordpress:*:*
- <= 1.16.0
A vulnerability exists in the SMTP2GO for WordPress plugin, specifically in versions up to and including 1.16.0. The issue stems from the plugin's failure to properly verify user authorization for certain actions. This flaw allows authenticated attackers with subscriber-level access or higher to either truncate all SMTP2GO log records in the database or download a CSV export of all SMTP log data. The exported data includes recipient and sender addresses, message subjects, and API response information.
Exploitation of this vulnerability allows unauthorized deletion of, and access to, sensitive log data, including recipient addresses and API response information.
To reproduce this vulnerability, an authenticated user with subscriber-level access or higher can send a request to the WordPress admin interface. The request must include a nonce for the 'truncate_smtp2go_logs' action to successfully truncate the log data. Alternatively, the 'downloadLogs' function can be called to export the log data as a CSV file, which will include sensitive information such as recipient addresses and API response data.
Users are advised to update the SMTP2GO for WordPress plugin to version 1.17.0 or later, where this vulnerability has been addressed.
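The root cause described above is an authorization gap, not a missing nonce: a WordPress nonce is a CSRF token tied to the current user and an action name, and any logged-in user who can load the page that emits it obtains a valid one, so a nonce check alone never proves the caller is allowed to perform the action. The following is an added illustration of that pattern and its fix, not the SMTP2GO plugin's own code; the function names, the option and table names and the CSV export's nonce action are hypothetical, and only the 'truncate_smtp2go_logs' nonce action comes from the advisory.

```php
<?php
// Added illustration (not the plugin's code). Names prefixed "example_" are
// hypothetical; the nonce action 'truncate_smtp2go_logs' is from the advisory.

// --- Weak pattern: nonce only. The nonce blocks cross-site forgery but does
// not check who the user is, so any subscriber with a valid nonce can run it.
function example_truncate_logs_weak() {
    check_ajax_referer( 'truncate_smtp2go_logs', 'nonce' ); // CSRF check only

    global $wpdb;
    $wpdb->query( "TRUNCATE TABLE {$wpdb->prefix}example_smtp_logs" ); // hypothetical table
    wp_send_json_success();
}

// --- Hardened pattern: check the capability first, then the nonce.
// Subscribers do not hold 'manage_options', so they are refused with a 403
// before any data is touched.
function example_truncate_logs_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 ); // ends execution
    }
    check_ajax_referer( 'truncate_smtp2go_logs', 'nonce' );

    global $wpdb;
    $wpdb->query( "TRUNCATE TABLE {$wpdb->prefix}example_smtp_logs" );
    wp_send_json_success();
}

// --- The same rule applies to the CSV export: the data (recipients, senders,
// subjects, API responses) is sensitive, so gate it on a capability, not on
// merely being logged in.
function example_download_logs_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'insufficient permissions', '', array( 'response' => 403 ) );
    }
    check_admin_referer( 'example_download_logs' ); // hypothetical nonce action

    global $wpdb;
    $rows = $wpdb->get_results(
        "SELECT sent_at, sender, recipient, subject, api_response
           FROM {$wpdb->prefix}example_smtp_logs", // hypothetical columns
        ARRAY_A
    );

    header( 'Content-Type: text/csv; charset=utf-8' );
    header( 'Content-Disposition: attachment; filename="smtp-logs.csv"' );
    $out = fopen( 'php://output', 'w' );
    fputcsv( $out, array( 'sent_at', 'sender', 'recipient', 'subject', 'api_response' ) );
    foreach ( $rows as $row ) {
        fputcsv( $out, $row );
    }
    fclose( $out );
    exit;
}

// Register only the hardened handlers. Using wp_ajax_ (not wp_ajax_nopriv_)
// restricts the endpoint to logged-in users, but that is still not an
// authorization check; the current_user_can() calls above are what enforce it.
add_action( 'wp_ajax_example_truncate_logs', 'example_truncate_logs_hardened' );
add_action( 'admin_post_example_download_logs', 'example_download_logs_hardened' );
```

When reviewing a plugin for this class of bug, look at every `wp_ajax_*` and `admin_post_*` handler that changes state or returns non-public data and confirm it calls `current_user_can()` with an appropriate capability in addition to verifying the nonce; a handler that only verifies a nonce is reachable by every authenticated role.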