Lucene search
WPScanCVELIST:CVE-2022-2352HistorySep 26, 2022 - 12:35 p.m.
CVE-2022-2352 Post SMTP < 2.1.7 - Admin+ Blind SSRF
2022-09-2612:35:32
CWE-918
WPScan
www.cve.org
cve-2022-2352
post smtp
blind ssrf
0.001 Low
EPSS
Percentile
43.1%
The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to perform blind SSRF on multisite installations for example.
CNA Affected
[
{
"product": "Post SMTP Mailer/Email Log",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.1.7",
"status": "affected",
"version": "2.1.7",
"versionType": "custom"
}
]
}
]Related
patchstack
patchstack
wpvulndb
wpvulndb
Post SMTP < 2.1.7 - Admin+ Blind SSRF
2022-09-05 00:00:00
nvd
nvd
CVE-2022-2352
2022-09-26 13:15:10
cnvd
cnvd
WordPress Post SMTP Mailer/Email Log server request forgery vulnerability
2022-09-28 00:00:00
cve
cve
CVE-2022-2352
2022-09-26 13:15:10
wpexploit
wpexploit
Post SMTP < 2.1.7 - Admin+ Blind SSRF
2022-09-05 00:00:00
prion
prion
Server side request forgery (ssrf)
2022-09-26 13:15:00
openvas
openvas
WordPress Post SMTP Mailer/Email Log Plugin < 2.1.7 SSRF Vulnerability
2022-10-04 00:00:00