Post SMTP CVE-2025-11833 exploitation wave
Exploitation Wave
Summary
Hide ▲
Show ▼
CVE-2025-11833 in the Post SMTP WordPress plugin is being actively exploited to hijack administrator accounts, putting more than 400,000 sites at risk of full site compromise. Wordfence says exploitation began on November 1 and it has already blocked over 4,500 attempts against customers.
Related Happenings
Quest KACE SMA authentication bypass (CVE-2025-32975)
Vulnerability
First: 23.03.2026 08:15
Last: 23.03.2026 08:15
Sources 1
About this happening:
**Quest KACE SMA** systems exposed to the internet were found at risk from **CVE-2025-32975**, an **authentication bypass** flaw that can enable administrative takeover and remote...
Quest KACE SMA authentication bypass (CVE-2025-32975)
VulnerabilityAbout this happening: **Quest KACE SMA** systems exposed to the internet were found at risk from **CVE-2025-32975**, an **authentication bypass** flaw that can enable administrative takeover and remote...
Ivanti EPMM exploitation wave (CVE-2026-1281)
Exploitation Wave
First: 12.02.2026 09:32
Last: 12.02.2026 09:32
Sources 1
About this happening:
**Ivanti Endpoint Manager Mobile (EPMM)** is facing an **active exploitation wave** against **CVE-2026-1281** and **CVE-2026-1340**, creating immediate risk for internet-facing ma...
Ivanti EPMM exploitation wave (CVE-2026-1281)
Exploitation WaveAbout this happening: **Ivanti Endpoint Manager Mobile (EPMM)** is facing an **active exploitation wave** against **CVE-2026-1281** and **CVE-2026-1340**, creating immediate risk for internet-facing ma...
CISA SmarterMail remediation guidance for CVE-2026-24423
Advisory/Mitigation
First: 06.02.2026 19:16
Last: 06.02.2026 19:16
Sources 1
About this happening:
**SmarterMail** is at the center of a **CVE-2026-24423** remediation and exploitation wave: the flaw enables **unauthenticated remote code execution** in versions prior to **Build...
CISA SmarterMail remediation guidance for CVE-2026-24423
Advisory/MitigationAbout this happening: **SmarterMail** is at the center of a **CVE-2026-24423** remediation and exploitation wave: the flaw enables **unauthenticated remote code execution** in versions prior to **Build...
SmarterMail CVE-2026-23760 mass exploitation wave
Exploitation Wave
First: 27.01.2026 16:09
Last: 27.01.2026 16:09
Sources 1
About this happening:
**CVE-2026-23760** is being exploited against **SmarterMail** to bypass authentication on **internet-facing mail servers**, creating takeover risk across **thousands of exposed in...
SmarterMail CVE-2026-23760 mass exploitation wave
Exploitation WaveAbout this happening: **CVE-2026-23760** is being exploited against **SmarterMail** to bypass authentication on **internet-facing mail servers**, creating takeover risk across **thousands of exposed in...
King Addons for Elementor privilege escalation flaw (CVE-2025-8489, actively exploited)
Vulnerability
First: 03.12.2025 19:08
Last: 03.12.2025 19:08
Sources 1
About this happening:
Active exploitation of **CVE-2025-8489** in **King Addons for Elementor** creates administrative takeover risk for susceptible **WordPress** sites. The flaw lets unauthenticated a...
King Addons for Elementor privilege escalation flaw (CVE-2025-8489, actively exploited)
VulnerabilityAbout this happening: Active exploitation of **CVE-2025-8489** in **King Addons for Elementor** creates administrative takeover risk for susceptible **WordPress** sites. The flaw lets unauthenticated a...
Timeline
-
04.11.2025 23:46 1 articles · 6mo ago
Wordfence receives report of Post SMTP email-log disclosure issue
Initial DisclosureWordfence receives a report from researcher 'netranger' about a Post SMTP email-log disclosure issue that could enable account takeover attacks against WordPress sites using the plugin.
Show sources
- Hackers exploit WordPress plugin Post SMTP to hijack admin accounts — www.bleepingcomputer.com — 04.11.2025 23:46
-
04.11.2025 23:46 1 articles · 6mo ago
Wordfence validates Post SMTP exploit and discloses CVE-2025-11833
Technical Analysis UpdateWordfence validates the Post SMTP exploit, confirming that the plugin's email-log disclosure flaw can expose password-reset messages, and fully discloses CVE-2025-11833 to vendor Saad Iqbal.
Show sources
- Hackers exploit WordPress plugin Post SMTP to hijack admin accounts — www.bleepingcomputer.com — 04.11.2025 23:46
-
04.11.2025 23:46 1 articles · 6mo ago
Post SMTP 3.6.1 patch fixes CVE-2025-11833
Mitigation Patch UpdatePost SMTP version 3.6.1 arrives as the fix for CVE-2025-11833, addressing the authorization flaw in the plugin's PostmanEmailLogs flow that affected version 3.6.0 and older.
Show sources
- Hackers exploit WordPress plugin Post SMTP to hijack admin accounts — www.bleepingcomputer.com — 04.11.2025 23:46
-
04.11.2025 23:46 2 articles · 6mo ago
Hackers begin exploiting CVE-2025-11833 in Post SMTP
Exploitation ObservedThreat actors begin exploiting CVE-2025-11833 in Post SMTP to read password-reset emails and hijack administrator accounts on more than 400,000 WordPress sites, creating a path to full site compromise.
Show sources
- Hackers exploit WordPress plugin Post SMTP to hijack admin accounts — www.bleepingcomputer.com — 04.11.2025 23:46
- Hackers exploit WordPress plugin Post SMTP to hijack admin accounts — www.bleepingcomputer.com — 04.11.2025 23:46
-
04.11.2025 23:46 1 articles · 6mo ago
Wordfence blocks more than 4,500 Post SMTP exploit attempts
Detection Ioc UpdateWordfence says it has blocked more than 4,500 exploit attempts against Post SMTP customers as active exploitation continues, and website owners are advised to move to version 3.6.1 immediately or disable the plugin.
Show sources
- Hackers exploit WordPress plugin Post SMTP to hijack admin accounts — www.bleepingcomputer.com — 04.11.2025 23:46