CVE-2022-2352: Server-Side Request Forgery in Post Smtp

Severity: 7.2 HIGH (NVD)
EPSS: 1.0% (top 22.97%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 26; latest update Sep 27

Description

The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation in some AJAX actions, which could allow high-privilege users such as admin to perform blind SSRF, for example on multisite installations.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9

Affected Packages (1 package)

NVD: wpexperts/post_smtp < 2.1.7

Vulnerability Details (2)

GHSA: GHSA-6g4h-jgh3-vxwj: The Post SMTP Mailer/Email Log WordPress plugin before 2 (2022-09-27)
CVEList: Post SMTP < 2.1.7 - Admin+ Blind SSRF (2022-09-26)