Yaycommerce

Yaysmtp

13 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.6

CVE-2025-48161

  • EPSS 0.04%
  • Veröffentlicht 16.07.2025 10:36:56
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YaySMTP smtp-sendinblue allows SQL Injection.This issue affects YaySMTP: from n/a through <= 1.3.

7.6

CVE-2025-48301

  • EPSS 0.04%
  • Veröffentlicht 16.07.2025 10:36:53
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce SMTP for SendGrid – YaySMTP smtp-sendgrid allows SQL Injection.This issue affects SMTP for SendGrid – YaySMTP: from n/a through <= 1.5.

7.6

CVE-2025-53256

  • EPSS 0.04%
  • Veröffentlicht 27.06.2025 13:21:05
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YaySMTP yaysmtp allows SQL Injection.This issue affects YaySMTP: from n/a through <= 2.6.6.

7.6

CVE-2025-47587

  • EPSS 0.1%
  • Veröffentlicht 07.05.2025 14:20:21
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YaySMTP yaysmtp allows Blind SQL Injection.This issue affects YaySMTP: from n/a through <= 2.6.4.

7.2

CVE-2025-3434

  • EPSS 0.98%
  • Veröffentlicht 11.04.2025 08:21:31
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The SMTP for Amazon SES – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Email Logs in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauth...

6.1

CVE-2025-0918

  • EPSS 0.53%
  • Veröffentlicht 22.02.2025 13:15:11
  • Zuletzt bearbeitet 08.04.2026 19:22:48

The SMTP for SendGrid – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...

6.1

CVE-2025-0953

  • EPSS 0.54%
  • Veröffentlicht 22.02.2025 13:15:11
  • Zuletzt bearbeitet 08.04.2026 19:22:49

The SMTP for Sendinblue – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

6.1

CVE-2025-0916

  • EPSS 0.54%
  • Veröffentlicht 19.02.2025 12:15:31
  • Zuletzt bearbeitet 25.02.2025 20:19:48

The YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions 2.4.9 to 2.6.2 due to insufficient input sanitization and output esca...

6.1

CVE-2023-3093

  • EPSS 0.89%
  • Veröffentlicht 12.07.2023 05:15:09
  • Zuletzt bearbeitet 08.04.2026 18:18:07

The YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

4.8

CVE-2022-2372

Exploit
  • EPSS 0.22%
  • Veröffentlicht 08.08.2022 14:15:09
  • Zuletzt bearbeitet 21.11.2024 07:00:51

The YaySMTP WordPress plugin before 2.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for ex...