CVE-2022-42699

CRITICAL

Easy WP SMTP <= 1.5.1 - Authenticated Remote Code Execution

Title source: llm

Auth. Remote Code Execution vulnerability in Easy WP SMTP plugin <= 1.5.1 on WordPress.

Core 1

Core References

Third Party Advisory vdb-entry

CVSS v3 9.1

EPSS 0.0132

EPSS Percentile 67.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

CWE

CWE-94

Status published

Products (2)

wp-ecommerce/easy_wp_smtp < 1.5.1

WPecommerce, Alexanderfoxc/Easy WP SMTP < 1.5.1

Published Dec 06, 2022

Tracked Since Feb 18, 2026