{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T18:24:18.601","vulnerabilities":[{"cve":{"id":"CVE-2025-6993","sourceIdentifier":"security@wordfence.com","published":"2025-07-16T10:15:29.297","lastModified":"2025-08-02T01:29:41.363","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The Ultimate WP Mail plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the get_email_log_details() AJAX handler in versions 1.0.17 to 1.3.6. The handler reads the client-supplied post_id and retrieves the corresponding email log post content (including the password-reset link), relying only on the ‘edit_posts’ capability without restricting to administrators or validating ownership. This makes it possible for authenticated attackers, with Contributor-level access and above, to harvest an admin’s reset link and elevate their privileges to administrator."},{"lang":"es","value":"El complemento Ultimate WP Mail para WordPress es vulnerable a la escalada de privilegios debido a una autorización incorrecta en el controlador AJAX get_email_log_details() en las versiones 1.0.17 a 1.3.6. Este controlador lee el post_id proporcionado por el cliente y recupera el contenido correspondiente de la publicación del registro de correo electrónico (incluido el enlace para restablecer la contraseña), utilizando únicamente la función \"edit_posts\", sin restringir a los administradores ni validar la propiedad. Esto permite a atacantes autenticados, con acceso de colaborador o superior, obtener el enlace de restablecimiento de un administrador y elevar sus privilegios a administrador."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rustaurius:ultimate_wp_mail:*:*:*:*:*:wordpress:*:*","versionStartIncluding":"1.0.17","versionEndExcluding":"1.3.7","matchCriteriaId":"BD75C6E6-1E99-46D2-926D-AEC9EDE990EE"}]}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/ultimate-wp-mail/tags/1.3.6/includes/Ajax.class.php","source":"security@wordfence.com","tags":["Product"]},{"url":"https://plugins.trac.wordpress.org/changeset/3328277","source":"security@wordfence.com","tags":["Patch"]},{"url":"https://wordpress.org/plugins/ultimate-wp-mail/#developers","source":"security@wordfence.com","tags":["Product"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b19794de-b623-4017-bd91-73986383c58b?source=cve","source":"security@wordfence.com","tags":["Third Party Advisory"]}]}}]}