CVE-2022-2369

Published Aug 1, 2022

Last updated 6 months ago

CVSS medium 4.3

Overview

Description: The YaySMTP WordPress plugin before 2.2.1 does not have capability check in an AJAX action, allowing any logged in users, such as subscriber to view the Logs of the plugin
Source: contact@wpscan.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.3
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM

Weaknesses

contact@wpscan.com: CWE-862

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:yaycommerce:yaysmtp:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C851DF65-56CF-49EE-A017-A546E7AE6ACC",
            "versionEndExcluding": "2.2.1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.