exploitDog

CVE-2022-2352

Опубликовано: 26 сент. 2022

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to perform blind SSRF on multisite installations for example.

Ссылки

https://wpscan.com/vulnerability/dc99ac40-646a-4f8e-b2b9-dc55d6d4c55c
Exploit
Patch
Third Party Advisory
https://wpscan.com/vulnerability/dc99ac40-646a-4f8e-b2b9-dc55d6d4c55c
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wpexperts:post_smtp:*:*:*:*:*:wordpress:*:*

Версия до 2.1.7 (исключая)

EPSS

Процентиль: 76%

0.0095

Низкий

7.2 High

CVSS3

Дефекты

CWE-918

Связанные уязвимости

GHSA-6g4h-jgh3-vxwj

CVSS3: 7.2

github

больше 3 лет назад

The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to perform blind SSRF on multisite installations for example.

EPSS

Процентиль: 76%

0.0095

Низкий

7.2 High

CVSS3

Дефекты

CWE-918