CVE-2022-2370

Published Aug 1, 2022

Last updated a year ago

CVSS medium 6.5

Overview

Description: The YaySMTP WordPress plugin before 2.2.1 does not have capability check before displaying the Mailer Credentials in JS code for the settings, allowing any authenticated users, such as subscriber to retrieve them
Source: contact@wpscan.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-862

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:yaycommerce:yaysmtp:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C851DF65-56CF-49EE-A017-A546E7AE6ACC",
            "versionEndExcluding": "2.2.1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References