Yaycommerce

Yaysmtp

13 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.6

CVE-2025-48161

  • EPSS 0.05%
  • Veröffentlicht 16.07.2025 10:36:56
  • Zuletzt bearbeitet 16.07.2025 14:58:59

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YaySMTP allows SQL Injection. This issue affects YaySMTP: from n/a through 1.3.

7.6

CVE-2025-48301

  • EPSS 0.05%
  • Veröffentlicht 16.07.2025 10:36:53
  • Zuletzt bearbeitet 16.07.2025 14:58:59

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce SMTP for SendGrid – YaySMTP allows SQL Injection. This issue affects SMTP for SendGrid – YaySMTP: from n/a through 1.5.

7.6

CVE-2025-53256

  • EPSS 0.03%
  • Veröffentlicht 27.06.2025 13:21:05
  • Zuletzt bearbeitet 02.07.2025 21:15:41

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YaySMTP allows SQL Injection.This issue affects YaySMTP: from n/a through 2.6.5.

7.6

CVE-2025-47587

  • EPSS 0.04%
  • Veröffentlicht 07.05.2025 14:20:21
  • Zuletzt bearbeitet 08.05.2025 14:39:09

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YaySMTP allows Blind SQL Injection. This issue affects YaySMTP: from n/a through 2.6.4.

7.2

CVE-2025-3434

  • EPSS 0.23%
  • Veröffentlicht 11.04.2025 08:21:31
  • Zuletzt bearbeitet 11.04.2025 15:39:52

The SMTP for Amazon SES – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Email Logs in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauth...

6.1

CVE-2025-0918

  • EPSS 0.72%
  • Veröffentlicht 22.02.2025 13:15:11
  • Zuletzt bearbeitet 05.03.2025 21:28:15

The SMTP for SendGrid – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

6.1

CVE-2025-0953

  • EPSS 0.72%
  • Veröffentlicht 22.02.2025 13:15:11
  • Zuletzt bearbeitet 05.03.2025 21:28:15

The SMTP for Sendinblue – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...

6.1

CVE-2025-0916

  • EPSS 0.72%
  • Veröffentlicht 19.02.2025 12:15:31
  • Zuletzt bearbeitet 25.02.2025 20:19:48

The YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions 2.4.9 to 2.6.2 due to insufficient input sanitization and output esca...

6.1

CVE-2023-3093

  • EPSS 0.71%
  • Veröffentlicht 12.07.2023 05:15:09
  • Zuletzt bearbeitet 21.11.2024 08:16:25

The YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

4.8

CVE-2022-2372

Exploit
  • EPSS 0.21%
  • Veröffentlicht 08.08.2022 14:15:09
  • Zuletzt bearbeitet 21.11.2024 07:00:51

The YaySMTP WordPress plugin before 2.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for ex...