The YaySMTP WordPress plugin before 2.2.1 does not have capability check in an AJAX action, allowing any logged in users, such as subscriber to view the Logs of the plugin
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/9ec8d318-9d25-4868-94c6-7c16444c275d | Exploit Third Party Advisory |
Configurations
History
05 Aug 2022, 15:17
Type | Values Removed | Values Added |
---|---|---|
First Time |
Yaycommerce
Yaycommerce yaysmtp |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
CPE | cpe:2.3:a:yaycommerce:yaysmtp:*:*:*:*:*:wordpress:*:* | |
References | (MISC) https://wpscan.com/vulnerability/9ec8d318-9d25-4868-94c6-7c16444c275d - Exploit, Third Party Advisory |
01 Aug 2022, 13:39
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-01 13:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-2369
Mitre link : CVE-2022-2369
CVE.ORG link : CVE-2022-2369
JSON object : View
Products Affected
yaycommerce
- yaysmtp
CWE
CWE-862
Missing Authorization