TopVuln

High-risk vulnerability digests

CVE-2026-6235

  • CRITICAL

Details

CVSS v3: 9.8
NVD published: 2026-04-22 09:16:26
EPSS: <0.1% probability · 9.5th percentile — 2026-05-12
Affected versions: Sendmachine plugin for WordPress <= 1.0.20
Summary
This vulnerability allows unauthenticated attackers to bypass authorization checks in the Sendmachine WordPress plugin. Attackers can overwrite the plugin's SMTP configuration to intercept all outbound emails from the site, including password reset emails. This can easily lead to full administrative takeover of the WordPress site.
Remediation
Update the Sendmachine plugin to the latest patched version immediately. If no patch is available, uninstall the plugin and replace it with a maintained alternative SMTP solution. Audit site configurations for unauthorized changes to SMTP settings.
Exploit info
No public exploit found yet.


Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.