The POST SMTP Mailer WordPress plugin before 2.8.7 does not properly sanitise and escape several parameters before using them in SQL statements, leading to a SQL injection exploitable by high privilege users such as admin.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/ab5c42ca-ee7d-4344-bd88-0d727ed3d9c4 | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/ab5c42ca-ee7d-4344-bd88-0d727ed3d9c4 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 08:44
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/ab5c42ca-ee7d-4344-bd88-0d727ed3d9c4 - Exploit, Third Party Advisory |
19 Jan 2024, 18:30
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-15 16:15
Updated : 2024-11-21 08:44
NVD link : CVE-2023-6620
Mitre link : CVE-2023-6620
CVE.ORG link : CVE-2023-6620
JSON object : View
Products Affected
wpexperts
- post_smtp_mailer
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')