Search a vulnerability

All the vulnerabilites related to Unknown - YaySMTP

cve-2022-2370

Vulnerability from cvelistv5

Published

2022-08-01 12:52

Modified

2024-08-03 00:32

Severity ?

Summary

YaySMTP < 2.2.1 - Subscriber+ SMTP Credentials Leak

References

▼	URL	Tags
	https://wpscan.com/vulnerability/bedda2a9-6c52-478e-b17a-7a4488419334	exploit, vdb-entry, technical-description

Impacted products

▼	Vendor	Product
	Unknown	YaySMTP

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:32:09.695Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "exploit",
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/bedda2a9-6c52-478e-b17a-7a4488419334"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "product": "YaySMTP",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "2.2.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Rafshanzani Suhada"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "WPScan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The YaySMTP WordPress plugin before 2.2.1 does not have capability check before displaying the Mailer Credentials in JS code for the settings, allowing any authenticated users, such as subscriber to retrieve them"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-04T08:50:23.489Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "exploit",
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://wpscan.com/vulnerability/bedda2a9-6c52-478e-b17a-7a4488419334"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "YaySMTP \u003c 2.2.1 - Subscriber+ SMTP Credentials Leak",
      "x_generator": {
        "engine": "WPScan CVE Generator"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2022-2370",
    "datePublished": "2022-08-01T12:52:51",
    "dateReserved": "2022-07-11T00:00:00",
    "dateUpdated": "2024-08-03T00:32:09.695Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}