CVE-2022-2369

MEDIUM

YaySMTP < 2.2.1 - Authenticated Log Exposure via Missing Capability Check

Title source: llm
STIX 2.1

Description

The YaySMTP WordPress plugin before 2.2.1 does not have capability check in an AJAX action, allowing any logged in users, such as subscriber to view the Logs of the plugin

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/9ec8d318-9d25-4868-94c6-7c16444c275d

Scores

CVSS v3 4.3
EPSS 0.0059
EPSS Percentile 43.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-862
Status published
Products (1)
yaycommerce/yaysmtp < 2.2.1
Published Aug 01, 2022
Tracked Since Feb 18, 2026