WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

YaySMTP < 2.2.1 - Subscriber+ SMTP Credentials Leak

Description

The plugin does not have capability check before displaying the Mailer Credentials in JS code for the settings, allowing any authenticated users, such as subscriber to retrieve them

Proof of Concept

Install the plugin and configure any mailer other than Default.

Access the wp-admin area with a Subscriber+ user and monitor the traffic using your preferable tool.

Look for var yaySmtpWpData = in the HTTP Response and you'll find all the leaked credentials.

Affects Plugins

yaysmtp
Fixed in version 2.2.1

References

CVE
CVE-2022-2370

Classification

Type

NO AUTHORISATION

OWASP top 10
A5: Broken Access Control
CWE
CWE-862

Miscellaneous

Original Researcher

Rafshanzani Suhada

Submitter

Rafshanzani Suhada

Verified

Yes

WPVDB ID
bedda2a9-6c52-478e-b17a-7a4488419334

Timeline

Publicly Published

2022-07-11 (about 2 months ago)

Added

2022-07-11 (about 2 months ago)

Last Updated

2022-07-11 (about 2 months ago)

Our Other Services

WPScan WordPress Security Plugin