← back
CVE-2022-2369

YaySMTP < 2.2.1 - Subscriber+ Logs Disclosure

EPSS 0.6%CWE-862
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
01 Aug 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The YaySMTP WordPress plugin before 2.2.1 does not have capability check in an AJAX action, allowing any logged in users, such as subscriber to view the Logs of the plugin
Affected products
Unknown · YaySMTP – Simple WP SMTP Mail

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wpscan.com/vulnerability/9ec8d318-9d25-4868-94c6-7c16444c275d