CVE-2023-6620

CWE-89: SQL Injection
3 documents, 3 sources

Severity: 7.2 HIGH
EPSS: 1.9% (top 16.61%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Jan 15

Description

The POST SMTP Mailer WordPress plugin before 2.8.7 does not properly sanitise and escape several parameters before using them in SQL statements, leading to a SQL injection exploitable by high privilege users such as admin.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: unknown/post_smtp_mailer < 2.8.7
NVD: wpexperts/post_smtp < 2.8.7

Vulnerability Details (2)

CVEList: Post SMTP < 2.8.7 - Admin+ SQL Injection (2024-01-15)
GHSA: GHSA-4xvm-vc4w-9h2j: The POST SMTP Mailer WordPress plugin before 2 (2024-01-15)