Total
6 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-45829 | 1 Wp-ecommerce | 1 Easy Wp Smtp | 2022-12-08 | N/A | 8.1 HIGH |
Auth. Path Traversal vulnerability in Easy WP SMTP plugin <= 1.5.1 at WordPress. | |||||
CVE-2022-45833 | 1 Wp-ecommerce | 1 Easy Wp Smtp | 2022-12-08 | N/A | 6.5 MEDIUM |
Auth. Path Traversal vulnerability in Easy WP SMTP plugin <= 1.5.1 on WordPress. | |||||
CVE-2022-42699 | 1 Wp-ecommerce | 1 Easy Wp Smtp | 2022-12-08 | N/A | 8.8 HIGH |
Auth. Remote Code Execution vulnerability in Easy WP SMTP plugin <= 1.5.1 on WordPress. | |||||
CVE-2022-3334 | 1 Wp-ecommerce | 1 Easy Wp Smtp | 2022-11-01 | N/A | 7.2 HIGH |
The Easy WP SMTP WordPress plugin before 1.5.0 unserialises the content of an imported file, which could lead to PHP object injection issue when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. | |||||
CVE-2020-35234 | 1 Wp-ecommerce | 1 Easy Wp Smtp | 2020-12-15 | 5.0 MEDIUM | 7.5 HIGH |
The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker can list the wp-content/plugins/easy-wp-smtp/ directory, then they can discover a log file (such as #############_debug_log.txt) that contains all password-reset links. The attacker can request a reset of the Administrator password and then use a link found there. | |||||
CVE-2017-7723 | 1 Wp-ecommerce | 1 Easy Wp Smtp | 2017-06-01 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS exists in Easy WP SMTP (before 1.2.5), a WordPress Plugin, via the e-mail subject or body. |