Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2022-2371

Published: 08/08/2022 Updated: 12/08/2022
CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3
VMScore: 0
Subscribe to Yaysmtp

Vulnerability Summary

The YaySMTP WordPress plugin prior to 2.2.1 does not have proper authorisation when saving its settings, allowing users with a role as low as subscriber to change them, and use that to conduct Stored Cross-Site Scripting attack due to the lack of escaping in them as well.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

yaycommerce yaysmtp

References

CWE-79https://wpscan.com/vulnerability/31405f1e-fc07-43f5-afc1-9cfbaf6911b7https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-3400deserializationCVE-2024-21788CVE-2023-42433CVE-2024-21841CVE-2024-22095local file inclusionmemory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook