Find notable cyber news and cases, enriched with sources, timelines, and signals.

Post SMTP CVE-2025-11833 exploitation wave

Exploitation Wave
First reported
Last updated
Happening score
H score 74
1 unique sources, 1 articles

Summary

Hide ▲

CVE-2025-11833 in the Post SMTP WordPress plugin is being actively exploited to hijack administrator accounts, putting more than 400,000 sites at risk of full site compromise. Wordfence says exploitation began on November 1 and it has already blocked over 4,500 attempts against customers.

Related Happenings

Gravity SMTP security patch release for CVE-2026-4020

Security Patch Release
H score16 First: 20.06.2026 12:56 Last: 20.06.2026 12:56 Sources 1

About this happening: **Gravity SMTP** released **version 2.1.5** to fix **CVE-2026-4020**, closing a **medium-severity information disclosure** flaw in the WordPress plugin. The patch addresses a bug...

Gravity SMTP actively exploited information disclosure flaw (CVE-2026-4020)

Vulnerability
H score16 First: 19.06.2026 23:25 Last: 19.06.2026 23:25 Sources 1

About this happening: An **actively exploited** unauthenticated information disclosure flaw in **Gravity SMTP** exposes **API keys, secrets, OAuth tokens, and email-service credentials** on sites using...

PushEngage, OptinMonster, and TrustPulse CDN script-tampering campaign

Campaign
H score89 First: 15.06.2026 12:59 Last: 15.06.2026 12:59 Sources 1

About this happening: A **multi-plugin supply-chain campaign** targeted **Awesome Motive** WordPress plugins **OptinMonster**, **TrustPulse**, and **PushEngage**, with malicious JavaScript delivered th...

Latest development: 15.06.2026 20:37

Awesome Motive said a server in its environment was compromised after exploitation of a known UpdraftPlus WordPress plugin flaw, allowing attackers to steal the CDN API key for a marketing website and modify JavaScript distributed through the company’s CDN. The company remediated the marketing site, moved it to a new server, and rotated all credentials, including the CDN API key, while stating that its application servers, source code, and account-data systems were not breached.

Quest KACE SMA authentication bypass (CVE-2025-32975)

Vulnerability
H score46 First: 23.03.2026 08:15 Last: 23.03.2026 08:15 Sources 1

About this happening: **Quest KACE SMA** systems exposed to the internet were found at risk from **CVE-2025-32975**, an **authentication bypass** flaw that can enable administrative takeover and remote...

Ivanti EPMM exploitation wave (CVE-2026-1281)

Exploitation Wave
H score64 First: 12.02.2026 09:32 Last: 12.02.2026 09:32 Sources 1

About this happening: **Ivanti Endpoint Manager Mobile (EPMM)** is facing an **active exploitation wave** against **CVE-2026-1281** and **CVE-2026-1340**, creating immediate risk for internet-facing ma...

Timeline

  1. 04.11.2025 23:46 1 articles · 8mo ago

    Wordfence receives report of Post SMTP email-log disclosure issue

    Initial Disclosure

    Wordfence receives a report from researcher 'netranger' about a Post SMTP email-log disclosure issue that could enable account takeover attacks against WordPress sites using the plugin.

    Show sources
  2. 04.11.2025 23:46 1 articles · 8mo ago

    Wordfence validates Post SMTP exploit and discloses CVE-2025-11833

    Technical Analysis Update

    Wordfence validates the Post SMTP exploit, confirming that the plugin's email-log disclosure flaw can expose password-reset messages, and fully discloses CVE-2025-11833 to vendor Saad Iqbal.

    Show sources
  3. 04.11.2025 23:46 1 articles · 8mo ago

    Post SMTP 3.6.1 patch fixes CVE-2025-11833

    Mitigation Patch Update

    Post SMTP version 3.6.1 arrives as the fix for CVE-2025-11833, addressing the authorization flaw in the plugin's PostmanEmailLogs flow that affected version 3.6.0 and older.

    Show sources
  4. 04.11.2025 23:46 2 articles · 8mo ago

    Hackers begin exploiting CVE-2025-11833 in Post SMTP

    Exploitation Observed

    Threat actors begin exploiting CVE-2025-11833 in Post SMTP to read password-reset emails and hijack administrator accounts on more than 400,000 WordPress sites, creating a path to full site compromise.

    Show sources
  5. 04.11.2025 23:46 1 articles · 8mo ago

    Wordfence blocks more than 4,500 Post SMTP exploit attempts

    Detection Ioc Update

    Wordfence says it has blocked more than 4,500 exploit attempts against Post SMTP customers as active exploitation continues, and website owners are advised to move to version 3.6.1 immediately or disable the plugin.

    Show sources