exploitDog

CVE-2022-2369

Опубликовано: 01 авг. 2022

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

The YaySMTP WordPress plugin before 2.2.1 does not have capability check in an AJAX action, allowing any logged in users, such as subscriber to view the Logs of the plugin

Ссылки

https://wpscan.com/vulnerability/9ec8d318-9d25-4868-94c6-7c16444c275d
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/9ec8d318-9d25-4868-94c6-7c16444c275d
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:yaycommerce:yaysmtp:*:*:*:*:*:wordpress:*:*

Версия до 2.2.1 (исключая)

EPSS

Процентиль: 40%

0.00182

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-862

Связанные уязвимости

GHSA-r4hj-g29h-cqwr

CVSS3: 4.3

github

больше 3 лет назад

The YaySMTP WordPress plugin before 2.2.1 does not have capability check in an AJAX action, allowing any logged in users, such as subscriber to view the Logs of the plugin

EPSS

Процентиль: 40%

0.00182

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-862