Easy WP SMTP <= 1.3.9 - Missing Authorization to Arbitrary Options Update

The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9. This is due to missing capability checks on the admininit function, in addition to insufficient input validation. This makes it possible for unauthenticated attackers to modify the...

WordPress Easy WP SMTP by SendLayer plugin <= 2.3.0 - Exposure of Sensitive Information via the UI vulnerability

Exposure of Sensitive Information via the UI vulnerability discovered by Finsand in WordPress Plugin Easy WP SMTP versions = 2.3.0...

EUVD-2017-16699

Malware in sbrugna...

EUVD-2022-48683

Malicious code in bioql PyPI...

EUVD-2022-42721

Malicious code in bioql PyPI...

EUVD-2022-48687

Malicious code in bioql PyPI...

EUVD-2024-31679

Malicious code in bioql PyPI...

EUVD-2022-45766

Malicious code in bioql PyPI...

CVE-2022-3334

The Easy WP SMTP WordPress plugin before 1.5.0 unserialises the content of an imported file, which could lead to PHP object injection issue when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog...

CVE-2019-25141

The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9. This is due to missing capability checks on the admininit function, in addition to insufficient input validation. This makes it possible for unauthenticated attackers to modify the...

Easy WP SMTP by SendLayer < 2.3.1 - Exposure of Sensitive Information via the UI

Description The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This make...

CVE-2024-3073

The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possibl...

CVE-2024-3073 Easy WP SMTP by SendLayer <= 2.3.0 - Exposure of Sensitive Information via the UI

The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possibl...

CVE-2024-3073 Easy WP SMTP by SendLayer <= 2.3.0 - Exposure of Sensitive Information via the UI

The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possibl...

CVE-2024-3073

CVE-2024-3073 : Easy WP SMTP by SendLayer (WordPress plugin)

WordPress plugin Easy WP SMTP by SendLayer Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Easy WP SMTP by...

CVE-2024-1789

The WP SMTP plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in versions 1.2 to 1.2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with...

CVE-2024-1789

CVE-2024-1789 : The WP SMTP plugin for WordPress is affected by an SQL Injection via the 'search' parameter in versions 1.2–1.2.6, caused by insufficient escaping and lack of prepared statements. Exploitation requires authenticated admin-level access or higher, enabling an attacker to append addi...

WordPress WP SMTP plugin 1.2 - 1.2.6 - Authenticated (Admin+) SQL Injection vulnerability

WordPress WP SMTP plugin 1.2 - 1.2.6 - Authenticated Admin+ SQL Injection vulnerability discovered by Christiaan Swiers YouGina in WordPress Plugin WP SMTP versions 1.2 - 1.2.6...

Easy WP SMTP Plugin for WordPress < 1.5.2 Multiple Vulnerabilities

The WordPress Easy WP SMTP Plugin installed on the remote host is affected by multiple vulnerabilities as follows: - A Path Traversal Vulnerability CVE-2022-45833. - A Remote Code Execution vulnerability in the auth component CVE-2022-42699. - A Path Traversal Vulnerability CVE-2022-45829. Note...