CVE-2022-2352
published 2022-09-26


Priority: P336, high, 7.2 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.03% (59.3th percentile)
The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to perform blind SSRF on multisite installations for example.

Affected (1 range)

Vendor | Product | Version range | Fixed in
wpexperts | post_smtp | < 2.1.7 | 2.1.7