Description
Missing Authorization vulnerability in Gagan Deep Singh PostmarkApp Email Integrator postmarkapp-email-integrator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PostmarkApp Email Integrator: from n/a through <= 2.4.
Published: 2025-03-31
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a Missing Authorization flaw (CWE-862) in the Gagan Deep Singh PostmarkApp Email Integrator plugin. It lets attackers reach privileged functions or modify email integration settings without the required authorization checks, potentially exposing sensitive configuration data or manipulating email delivery.

Affected Systems

Affected systems are WordPress sites that use the PostmarkApp Email Integrator plugin in any release up to and including 2.4. The plugin's vendor is Gagan Deep Singh, and the CNA classifies the issue as broken access control.

Risk and Exploitability

The CVSS score of 4.3 indicates moderate severity, and the EPSS score of < 1% suggests a low probability of exploitation at this time. The vulnerability is not listed in CISA’s KEV catalog. Based on the described missing authorization, the likely attack vector is remote web‑based requests that bypass proper role checks, though the exact method of exploitation has not been detailed in the advisory.

Generated by OpenCVE AI on May 1, 2026 at 03:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the PostmarkApp Email Integrator plugin to the latest available version (≥ 2.5 if released).
  • Review and enforce proper role‑based access controls in WordPress to ensure that only authorized users can configure or modify email integration settings.
  • Apply the principle of least privilege by removing or restricting administrative capabilities for accounts that do not require them.

Advisories
Source: EUVD
ID: EUVD-2025-8815
Title: Missing Authorization vulnerability in Gagan Deep Singh PostmarkApp Email Integrator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PostmarkApp Email Integrator: from n/a through 2.4.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics: cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description (Values Removed): Missing Authorization vulnerability in Gagan Deep Singh PostmarkApp Email Integrator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PostmarkApp Email Integrator: from n/a through 2.4.
Description (Values Added): Missing Authorization vulnerability in Gagan Deep Singh PostmarkApp Email Integrator postmarkapp-email-integrator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostmarkApp Email Integrator: from n/a through <= 2.4.
References
Metrics: cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


Mon, 31 Mar 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 31 Mar 2025 13:00:00 +0000

Type Values Removed Values Added
Description: Missing Authorization vulnerability in Gagan Deep Singh PostmarkApp Email Integrator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PostmarkApp Email Integrator: from n/a through 2.4.
Title: WordPress PostmarkApp Email Integrator plugin <= 2.4 - Broken Access Control vulnerability
Weaknesses: CWE-862
References
Metrics: cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:09.304Z

Reserved: 2025-03-31T10:05:51.138Z

Link: CVE-2025-31576

Vulnrichment

Updated: 2025-03-31T16:22:21.582Z

NVD

Status: Deferred

Published: 2025-03-31T13:15:51.090

Modified: 2026-04-23T15:27:59.813

Link: CVE-2025-31576

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T03:15:07Z

Weaknesses