2 matches found
CVE-2022-2370
The YaySMTP WordPress plugin before 2.2.1 does not have capability check before displaying the Mailer Credentials in JS code for the settings, allowing any authenticated users, such as subscriber to retrieve them...
CVE-2022-2370
CVE-2022-2370 affects the YaySMTP WordPress plugin prior to 2.2.1. The root cause is a missing capability check before rendering Mailer Credentials in JavaScript on the settings page, allowing any authenticated user (e.g., subscriber) to view them. Documented impact is exposure of SMTP credential...