CVE-2022-2369
MEDIUMYaySMTP < 2.2.1 - Authenticated Log Exposure via Missing Capability Check
Title source: llmDescription
The YaySMTP WordPress plugin before 2.2.1 does not have capability check in an AJAX action, allowing any logged in users, such as subscriber to view the Logs of the plugin
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/9ec8d318-9d25-4868-94c6-7c16444c275d
Scores
CVSS v3
4.3
EPSS
0.0059
EPSS Percentile
43.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-862
Status
published
Products (1)
yaycommerce/yaysmtp
< 2.2.1
Published
Aug 01, 2022
Tracked Since
Feb 18, 2026