CVE-2022-2371
N/A
N/A
Summary
The YaySMTP WordPress plugin before 2.2.1 does not have proper authorisation when saving its settings, allowing users with a role as low as subscriber to change them, and use that to conduct Stored Cross-Site Scripting attack due to the lack of escaping in them as well.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | YaySMTP – Simple WP SMTP Mail | 2.2.1 < 2.2.1 | affected |
Weaknesses
- CWE-79: CWE-79 Cross-Site Scripting (XSS)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.