Refine your search

1 vulnerability found for WordPress SMTP Service, Email Delivery Solved! — MailHawk by Adrian Tobey

CVE-2025-31015 (GCVE-0-2025-31015)
Vulnerability from cvelistv5
Published
2025-04-11 08:42
Modified
2026-04-28 16:12
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE
  • CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Summary
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Adrian Tobey WordPress SMTP Service, Email Delivery Solved! — MailHawk mailhawk allows PHP Local File Inclusion.This issue affects WordPress SMTP Service, Email Delivery Solved! — MailHawk: from n/a through <= 1.3.1.
References
Impacted products
Vendor Product Version
Adrian Tobey WordPress SMTP Service, Email Delivery Solved! — MailHawk Version: 0   <
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-31015",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-11T13:45:38.127046Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-11T13:54:14.149Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "mailhawk",
          "product": "WordPress SMTP Service, Email Delivery Solved! \u2014 MailHawk",
          "vendor": "Adrian Tobey",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.3.2",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "1.3.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Nguyen Xuan Chien | Patchstack Bug Bounty Program"
        }
      ],
      "datePublic": "2026-04-01T16:37:02.487Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027) vulnerability in Adrian Tobey WordPress SMTP Service, Email Delivery Solved! \u2014 MailHawk mailhawk allows PHP Local File Inclusion.\u003cp\u003eThis issue affects WordPress SMTP Service, Email Delivery Solved! \u2014 MailHawk: from n/a through \u003c= 1.3.1.\u003c/p\u003e"
            }
          ],
          "value": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027) vulnerability in Adrian Tobey WordPress SMTP Service, Email Delivery Solved! \u2014 MailHawk mailhawk allows PHP Local File Inclusion.This issue affects WordPress SMTP Service, Email Delivery Solved! \u2014 MailHawk: from n/a through \u003c= 1.3.1."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-252",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHP Local File Inclusion"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-98",
              "description": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:12:03.629Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/Wordpress/Plugin/mailhawk/vulnerability/wordpress-wordpress-smtp-service-email-delivery-solved-mailhawk-1-3-1-local-file-inclusion-vulnerability?_s_id=cve"
        }
      ],
      "title": "WordPress SMTP Service, Email Delivery Solved! \u2014 MailHawk plugin \u003c= 1.3.1 - Local File Inclusion Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2025-31015",
    "datePublished": "2025-04-11T08:42:49.225Z",
    "dateReserved": "2025-03-26T09:23:06.940Z",
    "dateUpdated": "2026-04-28T16:12:03.629Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}