From 5999a2622bc054570b47b193b9b78b0c5fe2c4c4 Mon Sep 17 00:00:00 2001
From: jenkins-metasploit
Date: Fri, 29 Nov 2024 17:14:25 +0000
Subject: [PATCH] automatic module_metadata_base.json update
---
 db/modules_metadata_base.json | 61 +++++++++++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)
diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
index 8476b346a2a8..97bdca837434 100644
--- a/db/modules_metadata_base.json
+++ b/db/modules_metadata_base.json
@@ -6188,6 +6188,67 @@ ] }, + "auxiliary_admin/http/wp_post_smtp_acct_takeover": { + "name": "Wordpress POST SMTP Account Takeover", + "fullname": "auxiliary/admin/http/wp_post_smtp_acct_takeover", + "aliases": [ + + ], + "rank": 300, + "disclosure_date": "2024-01-10", + "type": "auxiliary", + "author": [ + "h00die", + "Ulysses Saicha" + ], + "description": "The POST SMTP WordPress plugin prior to 2.8.7 is affected by a privilege\n escalation where an unauthenticated user is able to reset the password\n of an arbitrary user. This is done by requesting a password reset, then\n viewing the latest email logs to find the associated password reset email.", + "references": [ + "CVE-2023-6875", + "URL-https://github.com/UlyssesSaicha/CVE-2023-6875/tree/main" + ], + "platform": "", + "arch": "", + "rport": 80, + "autofilter_ports": [ + 80, + 8080, + 443, + 8000, + 8888, + 8880, + 8008, + 3000, + 8443 + ], + "autofilter_services": [ + "http", + "https" + ], + "targets": null, + "mod_time": "2024-11-28 13:18:47 +0000", + "path": "/modules/auxiliary/admin/http/wp_post_smtp_acct_takeover.rb", + "is_install_path": true, + "ref_name": "admin/http/wp_post_smtp_acct_takeover", + "check": true, + "post_auth": true, + "default_credential": false, + "notes": { + "Stability": [ + "crash-safe" + ], + "SideEffects": [ + "ioc-in-logs" + ], + "Reliability": [ + + ] + }, + "session_types": false, + "needs_cleanup": false, + "actions": [ + + ] + }, "auxiliary_admin/http/wp_symposium_sql_injection": { "name": "WordPress Symposium Plugin SQL Injection", "fullname": "auxiliary/admin/http/wp_symposium_sql_injection",