new wordpress website takeover vuln (video + poc )
by zinzeur - Sunday January 14, 2024 at 04:28 PM
MVP User
MVP
Posts: 139
Threads: 1
Joined: Dec 2024
Reputation: 50

#271
02-03-2025, 10:23 AM
Thanks, it’s cool to share that!
Reply
Breached
Member
Posts: 6
Threads: 0
Joined: Feb 2025
Reputation: 0

#272
02-03-2025, 07:39 PM
Thanks for sharing!
Reply
Banned

Posts: 29
Threads: 0
Joined: Jan 2025
Reputation: 0

#273
02-03-2025, 07:59 PM
(01-14-2024, 04:28 PM)zinzeur Wrote: This is a brand new vuln (released about 3 days ago) affecting wordpress websites (any version) with post smtp plugin installed version <=2.8.7 (latest is 2.8.9). It allows complete admin takeover by ressetting password and retrieving sent email from smtp log api . Enjoy !!
ps: The video is mine
video :
Enjoy

oh, thank you so much my website have this problem
This forum account is currently banned. Ban Length: (Permanent)
Ban Reason: Leeching | http://breachddyfwvcp4kzccos5oxtdbssmfbp...an-Appeals if you feel this is incorrect.
Reply
Breached
Member
Posts: 5
Threads: 0
Joined: Jan 2025
Reputation: 0

#274
02-06-2025, 12:49 AM
thank you so much brotherr
Reply
Banned

Posts: 23
Threads: 0
Joined: Nov 2024
Reputation: 0

#275
02-07-2025, 08:09 AM
thank you so much
This forum account is currently banned. Ban Length: (Permanent)
Ban Reason: Leeching | http://breachddyfwvcp4kzccos5oxtdbssmfbp...an-Appeals if you feel this is incorrect.
Reply
Breached
Member
Posts: 4
Threads: 0
Joined: Jul 2024
Reputation: 0

#276
02-07-2025, 08:33 AM
nice info, I'll check it and test it
Reply
Breached
Member
Posts: 12
Threads: 0
Joined: Feb 2025
Reputation: 0

#277
02-07-2025, 03:58 PM
(01-14-2024, 04:28 PM)zinzeur Wrote: This is a brand new vuln (released about 3 days ago) affecting wordpress websites (any version) with post smtp plugin installed version <=2.8.7 (latest is 2.8.9). It allows complete admin takeover by ressetting password and retrieving sent email from smtp log api . Enjoy !!
ps: The video is mine
video :
Enjoy

so very beautifull poc
Reply
Breached
Member
Posts: 7
Threads: 0
Joined: Mar 2025
Reputation: 0

#278
03-20-2025, 12:55 AM
is it still working guys?
Reply
Breached
Member
Posts: 1
Threads: 0
Joined: Mar 2025
Reputation: 0

#279
03-20-2025, 04:43 PM
(01-14-2024, 04:28 PM)zinzeur Wrote: This is a brand new vuln (released about 3 days ago) affecting wordpress websites (any version) with post smtp plugin installed version <=2.8.7 (latest is 2.8.9). It allows complete admin takeover by ressetting password and retrieving sent email from smtp log api . Enjoy !!
ps: The video is mine
video :
Enjoy

Thank you so much!
Reply
Breached
Member
Posts: 6
Threads: 0
Joined: Mar 2025
Reputation: 0

#280
03-21-2025, 03:33 AM
its fixed or still vuln ?
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  [POC] Google OAuth "MultiLogin" endpoint 0-day Farfallaiero 106 13,201 02-10-2026, 03:34 PM
Last Post: birhikayemvar
  Cool Remote Patching ETW/Amsi PoC pepeloco 6 2,092 02-08-2026, 07:58 AM
Last Post: zeroday99
  CVE-2025-40554 - SolarWinds Web Help Desk Auth Bypass & RCE PoC miyako 3 73 02-07-2026, 03:32 PM
Last Post: cysc
  POC CVE-2025-24071 caca28sapo1 15 805 02-07-2026, 08:53 AM
Last Post: hacker0123
  WordPress LFI to RCE - CVE-2025-0366 Serious 1 457 02-05-2026, 09:53 AM
Last Post: Sammm89



 Users browsing this thread: