2.7

CVE-2024-3073

EPSS 0.31%
Veröffentlicht 13.06.2024 09:15:13
Zuletzt bearbeitet 21.11.2024 09:28:50
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

Easy WP SMTP by SendLayer <= 2.3.0 - Exposure of Sensitive Information via the UI

The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible for authenticated attackers, with administrative-level access and above, to view the SMTP password for the supplied server. Although this would not be useful for attackers in most cases, if an administrator account becomes compromised this could be useful information to an attacker in a limited environment.

Mögliche Gegenmaßnahme

Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more: Update to version 2.3.1, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 6

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more

Version *-2.3.0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wp-ecommerce ≫ Easy Wp Smtp SwPlatformwordpress Version < 2.3.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.31%	0.54

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@wordfence.com	2.7	1.2	1.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3101553%40easy-wp-smtp&new=3101553%40easy-wp-smtp&sfp_email=&sfph_mail=

Product

https://www.wordfence.com/threat-intel/vulnerabilities/id/b043197c-4477-4663-abb8-5840173c574d?source=cve

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/b043197c-4477-4663-abb8-5840173c574d

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-3073

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-3073

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-3073

EUVD