Lucene search

WpvulndbWPVDB-ID:5B2AD63D-2EF4-4263-B774-6677867F34FA

HistoryJun 14, 2024 - 12:00 a.m.

Easy WP SMTP by SendLayer < 2.3.1 - Exposure of Sensitive Information via the UI

2024-06-1400:00:00

wpscan.com

wordpress

smtp

email log plugin

vulnerable

information exposure

easy wp smtp

sendlayer

authentication

2.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

14.1%

JSON

Description The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible for authenticated attackers, with administrative-level access and above, to view the SMTP password for the supplied server. Although this would not be useful for attackers in most cases, if an administrator account becomes compromised this could be useful information to an attacker in a limited environment.

CPENameOperatorVersion
eq2.3.1

CPE	Name	Operator	Version
		eq	2.3.1

References

www.wordfence.com/threat-intel/vulnerabilities/id/b043197c-4477-4663-abb8-5840173c574d

2.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

14.1%

JSON

Related for WPVDB-ID:5B2AD63D-2EF4-4263-B774-6677867F34FA