CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5958 – POST SMTP Mailer < 2.7.1 - Unauthenticated Cross-site Scripting
https://notcve.org/view.php?id=CVE-2023-5958
The POST SMTP Mailer WordPress plugin before 2.7.1 does not escape email message content before displaying it in the backend, allowing an unauthenticated attacker to perform XSS attacks against highly privileged users. El complemento POST SMTP Mailer de WordPress anterior a 2.7.1 no escapa del contenido del mensaje de correo electrónico antes de mostrarlo en el backend, lo que permite a un atacante no autenticado realizar ataques XSS contra usuarios con privilegios elevados. The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email message content in all versions up to, and including, 2.7.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://wpscan.com/vulnerability/22fa478d-e42e-488d-9b4b-a8720dec7cee • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3082 – Post SMTP <= 2.5.7 - Unauthenticated Stored Cross-Site Scripting via Email
https://notcve.org/view.php?id=CVE-2023-3082
The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://plugins.trac.wordpress.org/changeset/2935537/post-smtp https://www.wordfence.com/threat-intel/vulnerabilities/id/6ecd0fa6-4fdb-4780-9560-0bb126800685?source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3178 – POST SMTP Mailer < 2.5.7 - Arbitrary Log Deletion via CSRF
https://notcve.org/view.php?id=CVE-2023-3178
The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability delete arbitrary logs via a CSRF attack. El complemento POST SMTP Mailer de WordPress anterior a 2.5.7 no tiene comprobaciones CSRF adecuadas en algunas acciones AJAX, lo que podría permitir a los atacantes hacer que los usuarios registrados con la capacidad de Manage_postman_smtp eliminen registros arbitrarios mediante un ataque CSRF. The POST SMTP Mailer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.6. This is due to incorrect nonce validation on the delete_logs_ajax() function. This makes it possible for unauthenticated attackers to delete logs granted they can trick a site user with the manage_postman_smtp capability into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/5341cb5d-d204-49e1-b013-f8959461995f • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3179 – POST SMTP Mailer < 2.5.7 - Account Takeover via CSRF
https://notcve.org/view.php?id=CVE-2023-3179
The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability resend an email to an arbitrary address (for example a password reset email could be resent to an attacker controlled email, and allow them to take over an account). The POST SMTP Mailer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.6. This is due to incorrect nonce validation on the resend_email() function. This makes it possible for unauthenticated attackers to resend emails to an arbitrary email address via a forged request granted they can trick a site user with the manage_postman_smtp capability into performing an action such as clicking on a link. An attacker could leverage this to resend a password reset email to their own account and compromise a site administrators account. • https://wpscan.com/vulnerability/542caa40-b199-4397-90bb-4fdb693ebb24 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2352 – Post SMTP < 2.1.7 - Admin+ Blind SSRF
https://notcve.org/view.php?id=CVE-2022-2352
The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to perform blind SSRF on multisite installations for example. El plugin Post SMTP Mailer/Email Log de WordPress versiones anteriores a 2.1.7, no presenta la autorización adecuada en algunas acciones AJAX, lo que podría permitir a usuarios con altos privilegios, como los administradores, llevar a cabo SSRF ciegos en instalaciones multisitio, por ejemplo. The Post SMTP plugin for WordPress is vulnerable to blind Server-Side Request Forgery. This is due to improper authorization on some of the plugin's AJAX actions. • https://wpscan.com/vulnerability/dc99ac40-646a-4f8e-b2b9-dc55d6d4c55c • CWE-918: Server-Side Request Forgery (SSRF) •