CVE-2022-2370

MEDIUM

YaySMTP < 2.2.1 - Authenticated Mailer Credentials Exposure via Settings Page

Title source: llm
STIX 2.1

Description

The YaySMTP WordPress plugin before 2.2.1 does not have capability check before displaying the Mailer Credentials in JS code for the settings, allowing any authenticated users, such as subscriber to retrieve them

References (1)

Core 1
Core References
Exploit, Third Party Advisory exploit vdb-entry technical-description
https://wpscan.com/vulnerability/bedda2a9-6c52-478e-b17a-7a4488419334

Scores

CVSS v3 6.5
EPSS 0.0074
EPSS Percentile 50.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-862
Status published
Products (1)
yaycommerce/yaysmtp < 2.2.1
Published Aug 01, 2022
Tracked Since Feb 18, 2026