CVE-2022-2369: YaySMTP < 2.2.1 - Subscriber+ Logs Disclosure
First published: Mon Aug 01 2022(Updated: )
The YaySMTP WordPress plugin before 2.2.1 does not have capability check in an AJAX action, allowing any logged in users, such as subscriber to view the Logs of the plugin
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Yaycommerce | <2.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-2369?
CVE-2022-2369 is considered a medium severity vulnerability due to its potential to expose sensitive plugin logs.
How do I fix CVE-2022-2369?
To fix CVE-2022-2369, update the YaySMTP plugin to version 2.2.1 or later.
Who is affected by CVE-2022-2369?
CVE-2022-2369 affects all versions of the YaySMTP WordPress plugin prior to 2.2.1.
What is the impact of CVE-2022-2369?
The impact of CVE-2022-2369 is that any logged-in user can access and view the plugin logs without proper authorization.
What versions are vulnerable for CVE-2022-2369?
CVE-2022-2369 affects all versions of the YaySMTP plugin below version 2.2.1.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/author
- agent/references
- agent/severity
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/yaycommerce
- canonical/yaycommerce