


Perceptive Security
SOC/SIEM Consultancy

The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'manage_admin_requests' function in all versions up to, and inc…
Published:
21 April 2026 at 22:00:00
Alert date:
22 April 2026 at 22:11:22
Source:
nvd.nist.gov
Web Technologies
The Sendmachine for WordPress plugin contains an authorization bypass vulnerability in the 'manage_admin_requests' function, affecting all versions up to 1.0.20. Because the function does not properly verify the user's authorization, unauthenticated attackers can overwrite the site's SMTP configuration settings. This can enable attackers to intercept all outbound emails from the affected WordPress site, including sensitive password reset emails. The risk is high: exploitation requires no authentication and can lead to email interception and potential account takeover.
Affected products:
Sendmachine for WordPress plugin
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-6235
https://plugins.trac.wordpress.org/browser/sendmachine/tags/1.0.20/includes/sendmachine_email_manager.php#L39
https://plugins.trac.wordpress.org/browser/sendmachine/tags/1.0.20/sendmachine_wp_admin.php#L174
https://plugins.trac.wordpress.org/browser/sendmachine/tags/1.0.20/sendmachine_wp_admin.php#L183
https://www.wordfence.com/threat-intel/vulnerabilities/id/7889e071-84a8-46ec-abe5-5c98980ce275?source=cve
This article was created with the assistance of AI technology by Perceptive.
