new wordpress website takeover vuln (video + poc )
by zinzeur - Sunday January 14, 2024 at 04:28 PM
Banned

Posts: 4
Threads: 2
Joined: Dec 2023
Reputation: 0

#31
03-09-2024, 05:16 PM
[quote="zinzeur" pid='352841' dateline='1705249732']
Esta é uma vulnerabilidade totalmente nova (lançada há cerca de 3 dias) que afeta sites wordpress (qualquer versão) com a versão instalada do plugin post smtp <= 2.8.7 (a mais recente é 2.8.9). Ele permite o controle completo do administrador, redefinindo a senha e recuperando e-mails enviados da API de log smtp. Aproveitar !!
ps: O vídeo é meu
vídeo :
Aproveitar
[/citar]
thanks for post brother

[url=https://raidforums.hn/private.php?action=send&uid=13584][/url]
Ban reason: Document sales are not permitted on this forum. (Permanent)
Reply
RaidForums
Member
Posts: 9
Threads: 0
Joined: Jan 2024
Reputation: 0

#32
03-11-2024, 02:26 PM
(01-14-2024, 04:28 PM)zinzeur Wrote: This is a brand new vuln (released about 3 days ago) affecting wordpress websites (any version) with post smtp plugin installed version <=2.8.7 (latest is 2.8.9). It allows complete admin takeover by ressetting password and retrieving sent email from smtp log api . Enjoy !!
ps: The video is mine
video :
Enjoy

tks rlly much lol.
Reply
RaidForums
Member
Posts: 13
Threads: 1
Joined: Oct 2023
Reputation: 0

#33
03-11-2024, 02:36 PM
Thankyou very much for the share. Will see if it works.
Reply
RaidForums
Member
Posts: 4
Threads: 0
Joined: Mar 2024
Reputation: 0

#34
03-12-2024, 07:40 AM
thanks for vuln
Reply
RaidForums
Member
Posts: 3
Threads: 0
Joined: Mar 2024
Reputation: 0

#35
03-12-2024, 09:07 AM
thanks, check it out
Reply
RaidForums
Member
Posts: 5
Threads: 0
Joined: Mar 2024
Reputation: 0

#36
03-12-2024, 11:27 PM
Thanks for sharing
Reply
RaidForums
Member
Posts: 15
Threads: 0
Joined: Mar 2024
Reputation: 0

#37
03-18-2024, 02:49 PM
does it works still or not
Reply
RaidForums
Member
Posts: 26
Threads: 1
Joined: Nov 2023
Reputation: 0

#38
03-20-2024, 01:56 PM
thank you so much
Reply
RaidForums
Member
Posts: 82
Threads: 11
Joined: Jan 2024
Reputation: 0

#39
03-20-2024, 07:30 PM
Lets see this, sounds interesting
Reply
Banned

Posts: 45
Threads: 0
Joined: Sep 2023
Reputation: 0

#40
03-22-2024, 06:12 AM
(01-14-2024, 04:28 PM)zinzeur Wrote: This is a brand new vuln (released about 3 days ago) affecting wordpress websites (any version) with post smtp plugin installed version <=2.8.7 (latest is 2.8.9). It allows complete admin takeover by ressetting password and retrieving sent email from smtp log api . Enjoy !!
ps: The video is mine
video :
Enjoy

thank you so much
Ban reason: Replying With Hidden Content (Permanent)
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  [POC] Google OAuth "MultiLogin" endpoint 0-day Farfallaiero 106 13,201 02-10-2026, 03:34 PM
Last Post: birhikayemvar
  Cool Remote Patching ETW/Amsi PoC pepeloco 6 2,092 02-08-2026, 07:58 AM
Last Post: zeroday99
  CVE-2025-40554 - SolarWinds Web Help Desk Auth Bypass & RCE PoC miyako 3 73 02-07-2026, 03:32 PM
Last Post: cysc
  POC CVE-2025-24071 caca28sapo1 15 805 02-07-2026, 08:53 AM
Last Post: hacker0123
  WordPress LFI to RCE - CVE-2025-0366 Serious 1 457 02-05-2026, 09:53 AM
Last Post: Sammm89



 Users browsing this thread: 1 Guest(s)