WordPress Plugin Vulnerabilities
YaySMTP < 2.2.1 - Subscriber+ SMTP Credentials Leak
Description
The plugin does not have capability check before displaying the Mailer Credentials in JS code for the settings, allowing any authenticated users, such as subscriber to retrieve them
Proof of Concept
Install the plugin and configure any mailer other than Default. Access the wp-admin area with a Subscriber+ user and monitor the traffic using your preferable tool. Look for var yaySmtpWpData = in the HTTP Response and you'll find all the leaked credentials.
Affects Plugins
References
CVE
Classification
Type
NO AUTHORISATION
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Rafshanzani Suhada
Submitter
Rafshanzani Suhada
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-07-11 (about 1 years ago)
Added
2022-07-11 (about 1 years ago)
Last Updated
2023-04-14 (about 1 years ago)