Lucene search
HistorySep 26, 2022 - 1:15 p.m.
CVE-2022-2352
cve-2022-2352
post smtp mailer
email log
wordpress plugin
ajax
authorisation
ssrf
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
43.0%
The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to perform blind SSRF on multisite installations for example.
Affected configurations
Node
wpexpertspost_smtp_mailerRange<2.1.7
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wpexperts | post_smtp_mailer | * | cpe:2.3:a:wpexperts:post_smtp_mailer:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "Post SMTP Mailer/Email Log",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.1.7",
"status": "affected",
"version": "2.1.7",
"versionType": "custom"
}
]
}
]Social References
More
Related
cvelist
cvelist
CVE-2022-2352 Post SMTP < 2.1.7 - Admin+ Blind SSRF
2022-09-26 12:35:32
patchstack
patchstack
wpvulndb
wpvulndb
Post SMTP < 2.1.7 - Admin+ Blind SSRF
2022-09-05 00:00:00
nvd
nvd
CVE-2022-2352
2022-09-26 13:15:10
prion
prion
Server side request forgery (ssrf)
2022-09-26 13:15:00
openvas
openvas
WordPress Post SMTP Mailer/Email Log Plugin < 2.1.7 SSRF Vulnerability
2022-10-04 00:00:00
cnvd
cnvd
WordPress Post SMTP Mailer/Email Log server request forgery vulnerability
2022-09-28 00:00:00
wpexploit
wpexploit
Post SMTP < 2.1.7 - Admin+ Blind SSRF
2022-09-05 00:00:00
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
43.0%
Related for CVE-2022-2352