Over 200,000 WordPress Sites at Risk: The Post SMTP Security Comedy of Errors
Over 200,000 WordPress sites are at risk due to a flaw in the Post SMTP plugin that allows hackers to hijack admin accounts. Despite a fix in version 3.3.0, many haven’t updated, leaving sites wide open to cyber shenanigans. If you’re using Post SMTP, upgrading isn’t just smart; it’s a digital lifesaver.

Hot Take:
Oh, WordPress… You had one job: emailing reliably, and now you’re moonlighting as a hacker’s dream access point! Imagine a virtual world where your subscribers are no longer just reading your latest blog post, but also sitting on your admin throne while sipping on a cup of data breach latte. Who knew that a plugin meant for sending emails could deliver a side of chaos? It’s like ordering pizza and getting a free box of gremlins! Grab your keyboards, folks, and update that plugin before your subscribers become the new CEOs of your site.

Key Points:
- More than 200,000 WordPress sites are using a vulnerable version of the Post SMTP plugin.
- The flaw, identified as CVE-2025-24000, has a severity score of 8.8.
- The vulnerability allows low-privileged users to hijack admin accounts via email logs.
- A fix was released on June 11, yet only 48.5% of users have updated the plugin.
- Thousands are still using older, more vulnerable versions of the plugin.