Unrestricted Access to YaySMTP WordPress Plugin Logs
CVE-2022-2369 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
The YaySMTP WordPress plugin before 2.2.1 does not have capability check in an AJAX action, allowing any logged in users, such as subscriber to view the Logs of the plugin
Learn more about our Wordpress Pen Testing.