CVE-2024-3073

2024-06-1309:15:13

[email protected]

web.nvd.nist.gov

cve-2024-3073

easy wp smtp

sendlayer

wordpress

smtp

email log

plugin

vulnerable

information exposure

authentication

administrative access

2.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

3.5 Low

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.1%

JSON

The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible for authenticated attackers, with administrative-level access and above, to view the SMTP password for the supplied server. Although this would not be useful for attackers in most cases, if an administrator account becomes compromised this could be useful information to an attacker in a limited environment.

Affected configurations

Vulners

Node

smubeasy_wp_smtp_by_sendlayer_–_wordpress_smtp_and_email_log_pluginRange≤2.3.0

CNA Affected

[
  {
    "vendor": "smub",
    "product": "Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "2.3.0",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]