Lucene search

PatchstackVULNRICHMENT:CVE-2023-52233

HistoryJun 11, 2024 - 4:05 p.m.

CVE-2023-52233 WordPress POST SMTP Mailer plugin <= 2.8.6 - Broken Access Control on API vulnerability

2024-06-1116:05:38

CWE-862

Patchstack

github.com

wordpress

smtp

mailer

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Missing Authorization vulnerability in Post SMTP Post SMTP Mailer/Email Log.This issue affects Post SMTP Mailer/Email Log: from n/a through 2.8.6.

CNA Affected

[
  {
    "vendor": "Post SMTP",
    "product": "Post SMTP Mailer/Email Log",
    "versions": [
      {
        "status": "affected",
        "changes": [
          {
            "at": "2.8.7",
            "status": "unaffected"
          }
        ],
        "version": "n/a",
        "versionType": "custom",
        "lessThanOrEqual": "2.8.6"
      }
    ],
    "packageName": "post-smtp",
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected"
  }
]

References

patchstack.com/database/vulnerability/post-smtp/wordpress-post-smtp-mailer-plugin-2-8-6-broken-access-control-on-api-vulnerability?_s_id=cve

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for VULNRICHMENT:CVE-2023-52233