Wp Mail SMTP
by WordPress
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-6694 | Low | 0.11 | 2.7 | 0.01 | Jul 20, 2024 | The WP Mail SMTP plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 4.0.1. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible for authenticated attackers,… | ||
| CVE-2022-1612 | 0.00 | — | 0.01 | Jun 13, 2022 | The Webriti SMTP Mail WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack |
- risk 0.11cvss 2.7epss 0.01
The WP Mail SMTP plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 4.0.1. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible for authenticated attackers,…
- CVE-2022-1612Jun 13, 2022risk 0.00cvss —epss 0.01
The Webriti SMTP Mail WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack