Unrestricted Access to YaySMTP WordPress Plugin Logs

Unrestricted Access to YaySMTP WordPress Plugin Logs

CVE-2022-2369 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

The YaySMTP WordPress plugin before 2.2.1 does not have capability check in an AJAX action, allowing any logged in users, such as subscriber to view the Logs of the plugin

Learn more about our Wordpress Pen Testing.