2 matches found
CVE-2022-2372
The CVE covers the YaySMTP WordPress plugin prior to version 2.2.2. Root cause: the plugin does not sanitise and escape some settings, enabling Stored Cross-Site Scripting when unfiltered_html is disallowed (e.g., in multisite setups). Affected component is the WordPress plugin code handling emai...
CVE-2022-2372 YaySMTP < 2.2.2 - Admin+ Stored Cross-Site Scripting
The YaySMTP WordPress plugin before 2.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup...