CVE-2026-6235 in Sendmachine for WordPress Plugininformation

Résumé

par MITRE • 22/04/2026

The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'manage_admin_requests' function in all versions up to, and including, 1.0.20. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the plugin's SMTP configuration, which can be leveraged to intercept all outbound emails from the site (including password reset emails).

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

Wordfence

Réserver

13/04/2026

Divulgation

22/04/2026

Modérer

accepté

Entrée

VDB-358826

CPE

prêt

CWE

CWE-862 (confirmé)

CVSS

9.8 (CNA)

EPSS

0.00047

KEV

non

Activités

très faible

Secteur

Hostingprovider

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-6235
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-6235
CVE Details	https://www.cvedetails.com/cve/CVE-2026-6235/

◂ Précédent Aperçu Suivant ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!