Platform
wordpress
Component
wp-gmail-smtp
Fixed in
1.0.8
A Cross-Site Request Forgery (CSRF) vulnerability exists in the WP Gmail SMTP plugin for WordPress. This flaw allows an attacker to trick authenticated users into performing actions they did not intend to, potentially leading to unauthorized email configuration changes or other malicious activities. The vulnerability affects versions from 0.0 up to and including 1.0.7. A patch is available to resolve this issue.
The CSRF vulnerability in WP Gmail SMTP allows an attacker to craft malicious requests that appear to originate from a legitimate user. If a user is logged into WordPress and visits a crafted link, the attacker can execute actions as that user without their knowledge. This could include modifying SMTP settings, adding or removing email accounts, or potentially gaining access to sensitive email data. The impact is amplified if the plugin is used in environments with shared hosting or where user permissions are not strictly controlled, as an attacker could potentially compromise multiple WordPress installations.
As of the publication date (2025-12-31), there is no indication of active exploitation of CVE-2025-62123. Public proof-of-concept (POC) code is not currently available. The vulnerability has been added to the NVD database and is being tracked by CISA. The EPSS score is pending evaluation.
WordPress websites utilizing the WP Gmail SMTP plugin, particularly those with shared hosting environments or less stringent user permission controls, are at risk. Sites with legacy configurations or those that haven't recently updated their plugins are also more vulnerable.
• wordpress / composer / npm:
grep -r 'wp_gmail_smtp' /var/www/html/wp-content/plugins/
wp plugin list
• generic web:
curl -I https://your-wordpress-site.com/wp-content/plugins/wp-gmail-smtp/ | grep Server
Disclosure
EPSS
0.01% (0% percentile)
The primary mitigation for CVE-2025-62123 is to upgrade the WP Gmail SMTP plugin to a version containing the fix. If upgrading immediately is not possible due to compatibility concerns or breaking changes, consider implementing temporary workarounds such as adding nonce validation to all sensitive plugin actions. Implementing a Web Application Firewall (WAF) with CSRF protection rules can also help to block malicious requests. Regularly review plugin settings and user permissions to ensure they are properly configured.
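The "nonce validation" workaround named above is the standard WordPress defence against CSRF. The following is an added illustration, not code from the WP Gmail SMTP plugin or its developer: a hypothetical settings-save handler in its CSRF-prone form next to the hardened form. Every name prefixed with `example_`, the option key `example_smtp_settings`, the admin page slug `example-smtp` and the form fields are assumptions; the WordPress functions used (`wp_nonce_field`, `check_admin_referer`, `current_user_can`, `update_option`, `sanitize_email`, `sanitize_text_field`, `wp_unslash`, `is_email`, `wp_safe_redirect`, `admin_url`, `add_query_arg`, `submit_button`, `add_action`) are real core APIs.

```php
<?php
// Added example, not the WP Gmail SMTP plugin's own code. Shows how a WordPress
// settings handler is made CSRF-resistant with a nonce plus a capability check.
// All "example_" names and the option key "example_smtp_settings" are assumptions.

// --- CSRF-prone pattern: an administrator who loads an attacker-controlled page
// can be made to submit this form, and nothing proves the request was intended.
function example_smtp_save_settings_vulnerable() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    // No nonce check: a cross-site POST carrying these fields is accepted as-is.
    update_option( 'example_smtp_settings', array(
        'from_email' => sanitize_email( wp_unslash( $_POST['from_email'] ?? '' ) ),
        'from_name'  => sanitize_text_field( wp_unslash( $_POST['from_name'] ?? '' ) ),
    ) );
    wp_safe_redirect( admin_url( 'options-general.php?page=example-smtp&updated=1' ) );
    exit;
}

// --- Hardened pattern: the form embeds a nonce bound to this action and the
// current user; the handler refuses any request whose nonce does not verify.
function example_smtp_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_smtp_save" />
        <?php wp_nonce_field( 'example_smtp_save', 'example_smtp_nonce' ); ?>
        <label>From address <input type="email" name="from_email" /></label>
        <label>From name <input type="text" name="from_name" /></label>
        <?php submit_button( 'Save settings' ); ?>
    </form>
    <?php
}

function example_smtp_save_settings_hardened() {
    // Capability check first: only users allowed to change site options proceed.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // check_admin_referer() verifies the nonce for exactly this action and calls
    // wp_die() when it is missing, stale or forged, which stops cross-site POSTs.
    check_admin_referer( 'example_smtp_save', 'example_smtp_nonce' );

    $from_email = sanitize_email( wp_unslash( $_POST['from_email'] ?? '' ) );
    $from_name  = sanitize_text_field( wp_unslash( $_POST['from_name'] ?? '' ) );
    if ( ! is_email( $from_email ) ) {
        wp_die( 'Invalid sender address.', '', array( 'response' => 400 ) );
    }
    update_option( 'example_smtp_settings', array(
        'from_email' => $from_email,
        'from_name'  => $from_name,
    ) );
    wp_safe_redirect( add_query_arg( 'updated', '1', admin_url( 'options-general.php?page=example-smtp' ) ) );
    exit;
}

// Route the form's "action" value to the hardened handler (admin-post.php hook).
add_action( 'admin_post_example_smtp_save', 'example_smtp_save_settings_hardened' );
```

Two points matter when reviewing a plugin for this class of bug: the nonce and the capability check are complementary, since a nonce only proves the request came from a form the same user rendered, not that the user is allowed to change the setting; and every state-changing entry point (admin-post, admin-ajax, REST callbacks, direct option writes on `admin_init`) needs its own check, because a single unprotected handler is enough for a forged request to succeed.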
No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVE-2025-62123 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the WP Gmail SMTP plugin for WordPress, allowing attackers to perform unauthorized actions.
You are affected if you are using the WP Gmail SMTP plugin in versions 0.0 through 1.0.7. Upgrade to a patched version to resolve the vulnerability.
Upgrade the WP Gmail SMTP plugin to the latest available version. If immediate upgrade is not possible, consider temporary workarounds like nonce validation or a WAF.
As of the publication date, there is no evidence of active exploitation of CVE-2025-62123.
Refer to the plugin developer's website or the WordPress plugin repository for the official advisory and update information.