{"id":"CVE-2025-22800","details":"Missing Authorization vulnerability in Post SMTP Post SMTP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post SMTP: from n/a through 2.9.11.","modified":"2026-04-10T05:22:46.066196Z","published":"2025-01-13T14:15:13.067Z","references":[{"type":"ADVISORY","url":"https://patchstack.com/database/wordpress/plugin/post-smtp/vulnerability/wordpress-post-smtp-plugin-2-9-11-broken-access-control-vulnerability?_s_id=cve"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wpexpertsio/post-smtp","events":[{"introduced":"0"},{"fixed":"f1c81d8c84d416f763cf7cdd99468cba475cff4d"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.9.12"}]}}],"versions":["2.0.1","2.0.10","2.0.11","2.0.12","2.0.13","2.0.14","2.0.15","2.0.16","2.0.17","2.0.18","2.0.19","2.0.2","2.0.20","2.0.21","2.0.22","2.0.23","2.0.24","2.0.25","2.0.25-beta.1","2.0.26","2.0.27","2.0.3","2.0.4","2.0.5","2.0.6","2.0.7","2.0.8","2.0.9","2.1","2.1-beta.1","2.1.1","2.1.1.1","2.1.2","2.1.2-beta-1","2.1.2-rc.1","2.1.2-rc.2","2.1.4","2.1.4-beta.1","2.1.4-rc.1","2.1.4-rc.2","2.1.6","2.1.7","2.1.8","2.2","2.2-beta.2","2.2.1","2.3","2.3.1","2.4","2.4-beta.1","2.4.1","2.4.2","2.4.2-beta.2","2.4.3","2.5-beta.1","2.5-rc.1","2.5-rc.2","2.5-rc.3","2.5.0","2.5.1","2.5.2","2.5.3","2.5.4","2.5.5","2.5.6","2.5.7","2.5.8","2.5.9-beta.1","2.9.10","2.9.11","2.9.4","v.1.9.0","v.1.9.1","v.1.9.2","v1.9.3","v1.9.4","v1.9.5","v1.9.6","v1.9.7","v1.9.8"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-22800.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}