CVE-2022-2352 - OpenCVE

The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to perform blind SSRF on multisite installations for example.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Wpexperts	Post Smtp

Configuration 1 [-]

cpe:2.3:a:wpexperts:post_smtp:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://wpscan.com/vulnerability/dc99ac40-646a-4f8e-b2b9-dc55d6d4c55c	Exploit Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: WPScan

Published: 2022-09-26T12:35:32

Updated: 2022-09-26T12:35:32

Reserved: 2022-07-08T00:00:00

Link: CVE-2022-2352

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-09-26T13:15:10.320

Modified: 2022-10-05T16:51:01.267

Link: CVE-2022-2352

JSON object: View

Redhat Information

No data.

CWE

CWE-918

{"containers": {"cna": {"affected": [{"product": "Post SMTP Mailer/Email Log", "vendor": "Unknown", "versions": [{"lessThan": "2.1.7", "status": "affected", "version": "2.1.7", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Raad Haddad of Cloudyrion GmbH"}], "descriptions": [{"lang": "en", "value": "The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to perform blind SSRF on multisite installations for example."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-26T12:35:32", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/dc99ac40-646a-4f8e-b2b9-dc55d6d4c55c"}], "source": {"discovery": "EXTERNAL"}, "title": "Post SMTP < 2.1.7 - Admin+ Blind SSRF", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2022-2352", "STATE": "PUBLIC", "TITLE": "Post SMTP < 2.1.7 - Admin+ Blind SSRF"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Post SMTP Mailer/Email Log", "version": {"version_data": [{"version_affected": "<", "version_name": "2.1.7", "version_value": "2.1.7"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Raad Haddad of Cloudyrion GmbH"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to perform blind SSRF on multisite installations for example."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-918 Server-Side Request Forgery (SSRF)"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/dc99ac40-646a-4f8e-b2b9-dc55d6d4c55c", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/dc99ac40-646a-4f8e-b2b9-dc55d6d4c55c"}]}, "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2022-2352", "datePublished": "2022-09-26T12:35:32", "dateReserved": "2022-07-08T00:00:00", "dateUpdated": "2022-09-26T12:35:32", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}