exploitDog

CVE-2022-2370

Опубликовано: 01 авг. 2022

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

The YaySMTP WordPress plugin before 2.2.1 does not have capability check before displaying the Mailer Credentials in JS code for the settings, allowing any authenticated users, such as subscriber to retrieve them

Ссылки

https://wpscan.com/vulnerability/bedda2a9-6c52-478e-b17a-7a4488419334
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/bedda2a9-6c52-478e-b17a-7a4488419334
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:yaycommerce:yaysmtp:*:*:*:*:*:wordpress:*:*

Версия до 2.2.1 (исключая)

EPSS

Процентиль: 67%

0.00541

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-862

Связанные уязвимости

GHSA-7vqg-r6cw-6w76

CVSS3: 6.5

github

больше 3 лет назад

The YaySMTP WordPress plugin before 2.2.1 does not have capability check before displaying the Mailer Credentials in JS code for the settings, allowing any authenticated users, such as subscriber to retrieve them

EPSS

Процентиль: 67%

0.00541

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-862