Post SMTP CVE-2025-11833 exploitation wave
Exploitation Wave
Summary
Hide ▲
Show ▼
CVE-2025-11833 in the Post SMTP WordPress plugin is being actively exploited to hijack administrator accounts, putting more than 400,000 sites at risk of full site compromise. Wordfence says exploitation began on November 1 and it has already blocked over 4,500 attempts against customers.
Related Happenings
Gravity SMTP security patch release for CVE-2026-4020
Security Patch Release
H score16
First: 20.06.2026 12:56
Last: 20.06.2026 12:56
Sources 1
About this happening:
**Gravity SMTP** released **version 2.1.5** to fix **CVE-2026-4020**, closing a **medium-severity information disclosure** flaw in the WordPress plugin. The patch addresses a bug...
Gravity SMTP security patch release for CVE-2026-4020
Security Patch ReleaseAbout this happening: **Gravity SMTP** released **version 2.1.5** to fix **CVE-2026-4020**, closing a **medium-severity information disclosure** flaw in the WordPress plugin. The patch addresses a bug...
Gravity SMTP actively exploited information disclosure flaw (CVE-2026-4020)
Vulnerability
H score16
First: 19.06.2026 23:25
Last: 19.06.2026 23:25
Sources 1
About this happening:
An **actively exploited** unauthenticated information disclosure flaw in **Gravity SMTP** exposes **API keys, secrets, OAuth tokens, and email-service credentials** on sites using...
Gravity SMTP actively exploited information disclosure flaw (CVE-2026-4020)
VulnerabilityAbout this happening: An **actively exploited** unauthenticated information disclosure flaw in **Gravity SMTP** exposes **API keys, secrets, OAuth tokens, and email-service credentials** on sites using...
PushEngage, OptinMonster, and TrustPulse CDN script-tampering campaign
Campaign
H score89
First: 15.06.2026 12:59
Last: 15.06.2026 12:59
Sources 1
About this happening:
A **multi-plugin supply-chain campaign** targeted **Awesome Motive** WordPress plugins **OptinMonster**, **TrustPulse**, and **PushEngage**, with malicious JavaScript delivered th...
PushEngage, OptinMonster, and TrustPulse CDN script-tampering campaign
CampaignAbout this happening: A **multi-plugin supply-chain campaign** targeted **Awesome Motive** WordPress plugins **OptinMonster**, **TrustPulse**, and **PushEngage**, with malicious JavaScript delivered th...
Latest development: 15.06.2026 20:37
Awesome Motive said a server in its environment was compromised after exploitation of a known UpdraftPlus WordPress plugin flaw, allowing attackers to steal the CDN API key for a marketing website and modify JavaScript distributed through the company’s CDN. The company remediated the marketing site, moved it to a new server, and rotated all credentials, including the CDN API key, while stating that its application servers, source code, and account-data systems were not breached.
Quest KACE SMA authentication bypass (CVE-2025-32975)
Vulnerability
H score46
First: 23.03.2026 08:15
Last: 23.03.2026 08:15
Sources 1
About this happening:
**Quest KACE SMA** systems exposed to the internet were found at risk from **CVE-2025-32975**, an **authentication bypass** flaw that can enable administrative takeover and remote...
Quest KACE SMA authentication bypass (CVE-2025-32975)
VulnerabilityAbout this happening: **Quest KACE SMA** systems exposed to the internet were found at risk from **CVE-2025-32975**, an **authentication bypass** flaw that can enable administrative takeover and remote...
Ivanti EPMM exploitation wave (CVE-2026-1281)
Exploitation Wave
H score64
First: 12.02.2026 09:32
Last: 12.02.2026 09:32
Sources 1
About this happening:
**Ivanti Endpoint Manager Mobile (EPMM)** is facing an **active exploitation wave** against **CVE-2026-1281** and **CVE-2026-1340**, creating immediate risk for internet-facing ma...
Ivanti EPMM exploitation wave (CVE-2026-1281)
Exploitation WaveAbout this happening: **Ivanti Endpoint Manager Mobile (EPMM)** is facing an **active exploitation wave** against **CVE-2026-1281** and **CVE-2026-1340**, creating immediate risk for internet-facing ma...
Timeline
-
04.11.2025 23:46 1 articles · 8mo ago
Wordfence receives report of Post SMTP email-log disclosure issue
Initial DisclosureWordfence receives a report from researcher 'netranger' about a Post SMTP email-log disclosure issue that could enable account takeover attacks against WordPress sites using the plugin.
Show sources
- Hackers exploit WordPress plugin Post SMTP to hijack admin accounts — www.bleepingcomputer.com — 04.11.2025 23:46
-
04.11.2025 23:46 1 articles · 8mo ago
Wordfence validates Post SMTP exploit and discloses CVE-2025-11833
Technical Analysis UpdateWordfence validates the Post SMTP exploit, confirming that the plugin's email-log disclosure flaw can expose password-reset messages, and fully discloses CVE-2025-11833 to vendor Saad Iqbal.
Show sources
- Hackers exploit WordPress plugin Post SMTP to hijack admin accounts — www.bleepingcomputer.com — 04.11.2025 23:46
-
04.11.2025 23:46 1 articles · 8mo ago
Post SMTP 3.6.1 patch fixes CVE-2025-11833
Mitigation Patch UpdatePost SMTP version 3.6.1 arrives as the fix for CVE-2025-11833, addressing the authorization flaw in the plugin's PostmanEmailLogs flow that affected version 3.6.0 and older.
Show sources
- Hackers exploit WordPress plugin Post SMTP to hijack admin accounts — www.bleepingcomputer.com — 04.11.2025 23:46
-
04.11.2025 23:46 2 articles · 8mo ago
Hackers begin exploiting CVE-2025-11833 in Post SMTP
Exploitation ObservedThreat actors begin exploiting CVE-2025-11833 in Post SMTP to read password-reset emails and hijack administrator accounts on more than 400,000 WordPress sites, creating a path to full site compromise.
Show sources
- Hackers exploit WordPress plugin Post SMTP to hijack admin accounts — www.bleepingcomputer.com — 04.11.2025 23:46
- Hackers exploit WordPress plugin Post SMTP to hijack admin accounts — www.bleepingcomputer.com — 04.11.2025 23:46
-
04.11.2025 23:46 1 articles · 8mo ago
Wordfence blocks more than 4,500 Post SMTP exploit attempts
Detection Ioc UpdateWordfence says it has blocked more than 4,500 exploit attempts against Post SMTP customers as active exploitation continues, and website owners are advised to move to version 3.6.1 immediately or disable the plugin.
Show sources
- Hackers exploit WordPress plugin Post SMTP to hijack admin accounts — www.bleepingcomputer.com — 04.11.2025 23:46