CVE-2023-3213

2023-10-0402:15:09

[email protected]

web.nvd.nist.gov

cve

wordpress

wp mail smtp pro

vulnerability

unauthorized access

data disclosure

nvd

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.7%

JSON

The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_print_page function in versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to disclose potentially sensitive email information.

Affected configurations

Vulners

NVD

Node

wpforms_\(awesome_motive\)wp_mail_smtp_proRange≤3.8.0

CPENameOperatorVersion
wpforms:wp_mail_smtpwpforms wp mail smtple3.8.0

CPE	Name	Operator	Version
wpforms:wp_mail_smtp	wpforms wp mail smtp	le	3.8.0

CNA Affected

[
  {
    "vendor": "WPForms (Awesome Motive)",
    "product": "WP Mail SMTP Pro",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "3.8.0",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]