The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9. This is due to missing capability checks on the admin_init() function, in addition to insufficient input validation. This makes it possible for unauthenticated attackers to modify the plugins settings and arbitrary options on the site that can be used to inject new administrative user accounts.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Wordfence
Published: 2023-06-07T01:51:28.969Z
Updated: 2023-06-07T01:51:28.969Z
Reserved: 2023-06-06T12:54:13.636Z
Link: CVE-2019-25141
JSON object: View
NVD Information
Status : Modified
Published: 2023-06-07T02:15:10.180
Modified: 2023-11-07T03:09:21.390
Link: CVE-2019-25141
JSON object: View
Redhat Information
No data.
CWE