The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to perform blind SSRF on multisite installations for example.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/dc99ac40-646a-4f8e-b2b9-dc55d6d4c55c | Exploit Patch Third Party Advisory |
History
21 Nov 2024, 07:00
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-26 13:15
Updated : 2024-11-21 07:00
NVD link : CVE-2022-2352
Mitre link : CVE-2022-2352
CVE.ORG link : CVE-2022-2352
Products Affected
wpexperts
- post_smtp
CWE
CWE-918
Server-Side Request Forgery (SSRF)