CVE-2022-2369 : The YaySMTP WordPress plugin before 2.2.1 does not have capability check in an A

The YaySMTP WordPress plugin before 2.2.1 does not have capability check in an AJAX action, allowing any logged in users, such as subscriber to view the Logs of the plugin

Published 2022-08-01 13:15:11

Updated 2022-08-05 15:17:54

Source WPScan

View at NVD, CVE.org

Products affected by CVE-2022-2369

Yaycommerce » Yaysmtp » For Wordpress
Versions before (<) 2.2.1
cpe:2.3:a:yaycommerce:yaysmtp:*:*:*:*:*:wordpress:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2022-2369

EPSS FAQ

0.11%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 30 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-2369

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	2.8	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE ids for CVE-2022-2369

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Assigned by: contact@wpscan.com (Primary)

References for CVE-2022-2369

https://wpscan.com/vulnerability/9ec8d318-9d25-4868-94c6-7c16444c275d

Exploit;Third Party Advisory

Jump to

Vulnerability Details : CVE-2022-2369

Products affected by CVE-2022-2369

Exploit prediction scoring system (EPSS) score for CVE-2022-2369

CVSS scores for CVE-2022-2369

CWE ids for CVE-2022-2369

References for CVE-2022-2369