CVE-2022-2369 – YaySMTP < 2.2.1 - Subscriber+ Logs Disclosure

https://notcve.org/view.php?id=CVE-2022-2369

The YaySMTP WordPress plugin before 2.2.1 does not have capability check in an AJAX action, allowing any logged in users, such as subscriber to view the Logs of the plugin El plugin YaySMTP de WordPress versiones anteriores a 2.2.1, no presenta comprobación de capacidad en una acción AJAX, lo que permite a cualquier usuario autenticado, como el suscriptor, visualizar los registros del plugin The YaySMTP WordPress plugin before 2.2.1 does not have capability check in an AJAX action, allowing any logged in users, such as subscriber to view the logs of the plugin • https://wpscan.com/vulnerability/9ec8d318-9d25-4868-94c6-7c16444c275d • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •