Lucene search
HistorySep 26, 2022 - 1:15 p.m.
CVE-2022-2352
wordpress
ajax
authorization
vulnerability
ssrf
multisite
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
43.1%
The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to perform blind SSRF on multisite installations for example.
Affected configurations
Node
wpexpertspost_smtpRange<2.1.7wordpress
Related
cvelist
cvelist
CVE-2022-2352 Post SMTP < 2.1.7 - Admin+ Blind SSRF
2022-09-26 12:35:32
patchstack
patchstack
wpvulndb
wpvulndb
Post SMTP < 2.1.7 - Admin+ Blind SSRF
2022-09-05 00:00:00
openvas
openvas
WordPress Post SMTP Mailer/Email Log Plugin < 2.1.7 SSRF Vulnerability
2022-10-04 00:00:00
prion
prion
Server side request forgery (ssrf)
2022-09-26 13:15:00
cve
cve
CVE-2022-2352
2022-09-26 13:15:10
cnvd
cnvd
WordPress Post SMTP Mailer/Email Log server request forgery vulnerability
2022-09-28 00:00:00
wpexploit
wpexploit
Post SMTP < 2.1.7 - Admin+ Blind SSRF
2022-09-05 00:00:00
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
43.1%
Related for NVD:CVE-2022-2352