CVE-2025-11833 - Geek Feed

Security
Tech News

Hackers exploit WordPress plugin Post SMTP to hijack admin accounts

November 7, 2025November 7, 2025 geekfeed0Tagged Account takeover, CVE-2025-11833, email, Plugin, Post SMTP, vulnerability, wordpress

Threat actors are actively exploiting a critical vulnerability in the Post SMTP plugin installed on more than 400,000 WordPress sites, to take complete control by hijacking administrator accounts. Post SMTP is a popular email delivery solution marketed as a feature-rich and more reliable replacement of the default ‘wp_mail()’ function. On October 11, WordPress security firm Wordfence received […]

2 mins read