CVE-2022-2369 YaySMTP < 2.2.1 - Subscriber+ Logs Disclosure

2022-08-0112:52:42

CWE-862

WPScan

www.cve.org

4.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.0%

JSON

The YaySMTP WordPress plugin before 2.2.1 does not have capability check in an AJAX action, allowing any logged in users, such as subscriber to view the Logs of the plugin

CNA Affected

[
  {
    "product": "YaySMTP – Simple WP SMTP Mail",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "2.2.1",
        "status": "affected",
        "version": "2.2.1",
        "versionType": "custom"
      }
    ]
  }
]