Easy WP SMTP < 1.5.2 – Admin+ RCE | CVE 2022-42699

Affects Plugins

easy-wp-smtp

Fixed in 1.5.2

References

CVE

CVE-2022-42699

Classification

Type

RCE

OWASP top 10

A1: Injection

CWE

CWE-94

CVSS

4.7 (medium)

Miscellaneous

Original Researcher

Tomasz Staszyszyn

Verified

No

WPVDB ID

67c2e25d-b748-495c-aaf3-e47aa752a7c1

Timeline

Publicly Published

2022-11-30 (about 3 years ago)

Added

2022-12-07 (about 3 years ago)

Last Updated

2022-12-07 (about 3 years ago)

Other

Published

Title

Published

2024-06-20

Title

WishList Member X < 3.26.7 - Subscriber+ Remote Code Execution

Published

2021-09-13

Title

EditorsKit < 1.31.6 - Contributor+ Arbitrary PHP Code Execution

Published

2017-11-11

Title

WP Support Plus Responsive Ticket System < 8.0.8 - Remote Code Execution (RCE)

Published

2025-04-09

Title

azurecurve Shortcodes in Comments <= 2.0.2 - Unauthenticated Arbitrary Shortcode Execution

Published

2024-11-15

Title

Uix Slideshow < 1.6.6 - Unauthenticated Arbitrary Shortcode Execution