CVE-2022-2351

UNKNOWN 0.0

Post SMTP < 2.1.4 - Admin+ Stored Cross-Site Scripting

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 does not escape some of its settings before outputting them in the admins dashboard, allowing high privilege users to perform Cross-Site Scripting attacks against other users even when the unfiltered_html capability is disallowed.

CWE	CWE-79
Vendor	unknown
Product	post smtp mailer/email log
Published	Sep 16, 2022
Last Updated	Aug 3, 2024

Stay Ahead of the Next One

Get instant alerts for unknown post smtp mailer/email log

Be the first to know when new unknown vulnerabilities affecting unknown post smtp mailer/email log are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Unknown / Post SMTP Mailer/Email Log

2.1.4 < 2.1.4

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wpscan.com: https://wpscan.com/vulnerability/f3fda033-58f5-446d-ade4-2336a39bfb87

Credits

Raad Haddad of Cloudyrion GmbH