CVE-2026-6963 - Vulnerability Analysis
Severity: High | CVSS: 8.8 | Last Updated: May 2, 2026
WP Mail Gateway WordPress plugin - Authorization Bypass
Published: May 2, 2026 | Updated: May 2, 2026 | Remotely exploitable
Overview
The WP Mail Gateway WordPress plugin, in versions up to and including 1.8, contains an authorization bypass: the handler for the wmg_save_provider_config AJAX action performs no capability check, so any authenticated user with Subscriber-level access or higher can update the plugin's SMTP (mail provider) settings and redirect the site's outbound mail. Exploitation requires an authenticated account; no unauthenticated path is reported.
Severity & Score
Severity: High
CVSS Score: 8.8
Impact
An authenticated attacker with Subscriber-level access can rewrite the SMTP settings so that all outbound mail is routed through a server they control, then trigger password reset emails for privileged accounts and capture the reset links, potentially gaining administrator access.
Mitigation
Update WP Mail Gateway to a release later than 1.8 (the fix changeset is linked under References). Until the update is applied, review the plugin's SMTP settings for an unexpected host, port or credentials, since an attacker who has already exploited the flaw will have changed them, and limit who can obtain a Subscriber account (for example by disabling open registration if it is not needed), as the exploit requires at least that level of access.
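The following is an added illustration of the bug class described in the Overview and of the fix and stop-gap discussed under Mitigation; it is not code from the WP Mail Gateway plugin. Only the AJAX action name wmg_save_provider_config comes from the advisory; the hook name wp_ajax_wmg_save_provider_config follows from how WordPress dispatches admin-ajax.php actions for logged-in users, and the option name, helper and callback names and the nonce action are assumed for the example.

```php
<?php
/**
 * Added illustration, not code from the WP Mail Gateway plugin. Only the AJAX
 * action name wmg_save_provider_config comes from the advisory; the option
 * name, helper and callback names, and the nonce action are assumed.
 */

// Reads the submitted SMTP settings from the request body. Input sanitisation
// is not the fix here: the bug is that nobody checks WHO may call the handler.
function wmg_example_read_config() {
    return array(
        'host' => sanitize_text_field( wp_unslash( $_POST['host'] ?? '' ) ),
        'port' => absint( $_POST['port'] ?? 587 ),
        'user' => sanitize_text_field( wp_unslash( $_POST['user'] ?? '' ) ),
        'pass' => (string) wp_unslash( $_POST['pass'] ?? '' ),
    );
}

// --- Vulnerable shape (CWE-862, missing authorization). Shown for comparison,
// deliberately NOT registered below. The wp_ajax_{action} hook fires for every
// logged-in user, Subscribers included, so reaching this callback proves nothing
// about the caller's role.
function wmg_example_save_config_vulnerable() {
    update_option( 'wmg_example_provider_config', wmg_example_read_config() );
    wp_send_json_success(); // a Subscriber has just pointed outbound mail at their own relay
}

// --- Hardened shape: authorization check, then CSRF check, then state change. ---
function wmg_example_save_config_fixed() {
    // Authorization: only users who may manage site options can change SMTP settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }
    // CSRF: the request must carry a nonce issued to this user for this action.
    // check_ajax_referer() calls wp_die() on failure, so execution stops here.
    check_ajax_referer( 'wmg_example_save_config', '_wpnonce' );

    update_option( 'wmg_example_provider_config', wmg_example_read_config() );
    wp_send_json_success();
}

// Register the fixed handler. There is deliberately no wp_ajax_nopriv_ variant:
// an unauthenticated visitor has no business changing mail settings.
add_action( 'wp_ajax_wmg_save_provider_config', 'wmg_example_save_config_fixed' );

// --- Stop-gap virtual patch until the plugin is updated. ---
// On its own, this closure belongs in a must-use plugin (wp-content/mu-plugins/).
// It hooks the same action at priority 0, so it runs before the plugin's own
// callback (default priority 10); wp_send_json_error() ends the request via
// wp_die(), so the vulnerable handler never executes for an under-privileged
// caller. Assumption: the plugin registers its handler through the standard
// wp_ajax_ hook rather than some other dispatch mechanism.
add_action( 'wp_ajax_wmg_save_provider_config', function () {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden.' ), 403 );
    }
}, 0 );
```

The stop-gap only blocks future calls; it does not undo settings an attacker has already written, so inspect the stored SMTP host and credentials (and rotate the SMTP password) before relying on mail again. To confirm whether a site is in the affected range, WP-CLI's `wp plugin get wp-mail-gateway --field=version` prints the installed version; anything at or below 1.8 is affected.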
References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3515205%40wp-mail-gateway&new=3515205%40wp-mail-gateway&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/c7caf1f4-a8dd-4016-91eb-2adbeed5290a?source=cve
- https://plugins.trac.wordpress.org/browser/wp-mail-gateway/tags/1.8/src/Bootstrap.php#L47
- https://plugins.trac.wordpress.org/browser/wp-mail-gateway/tags/1.8/src/Functions.php#L111
- https://plugins.trac.wordpress.org/browser/wp-mail-gateway/trunk/src/Bootstrap.php#L47
- https://plugins.trac.wordpress.org/browser/wp-mail-gateway/trunk/src/Functions.php#L111
Details
- CVE ID: CVE-2026-6963
- Severity: High
- CVSS Score: 8.8
- Type: broken_access_control
- Status: new
CWE
- CWE-862
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H