Skip to main content

Easy Wp Smtp

8 CVEs product

Monthly

CVE-2024-3073 LOW Monitor

The Easy WP SMTP by SendLayer - WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure WordPress Easy Wp Smtp
NVD
CVSS 3.1
2.7
EPSS
0.3%
CVE-2019-25141 CRITICAL POC PATCH THREAT Act Now

The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 62.9%.

Authentication Bypass WordPress Easy Wp Smtp
NVD VulDB
CVSS 3.1
9.8
EPSS
62.9%
Threat
5.3
CVE-2022-42699 CRITICAL Act Now

Auth. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection WordPress RCE Easy Wp Smtp
NVD
CVSS 3.1
9.1
EPSS
7.3%
CVE-2022-45833 MEDIUM This Month

Auth. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal WordPress Easy Wp Smtp
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-45829 HIGH This Week

Auth. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal WordPress Easy Wp Smtp
NVD
CVSS 3.1
8.7
EPSS
0.5%
CVE-2022-3334 HIGH POC This Week

The Easy WP SMTP WordPress plugin before 1.5.0 unserialises the content of an imported file, which could lead to PHP object injection issue when an admin import (intentionally or not) a malicious. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization WordPress PHP Easy Wp Smtp
NVD WPScan
CVSS 3.1
7.2
EPSS
1.1%
CVE-2020-35234 HIGH POC THREAT This Week

The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Easy Wp Smtp
NVD
CVSS 3.1
7.5
EPSS
64.6%
CVE-2017-7723 MEDIUM This Month

XSS exists in Easy WP SMTP (before 1.2.5), a WordPress Plugin, via the e-mail subject or body. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Easy Wp Smtp
NVD
CVSS 3.0
6.1
EPSS
0.4%
EPSS 0% CVSS 2.7
LOW Monitor

The Easy WP SMTP by SendLayer - WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure WordPress Easy Wp Smtp
NVD
EPSS 63% 5.3 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 62.9%.

Authentication Bypass WordPress Easy Wp Smtp
NVD VulDB
EPSS 7% CVSS 9.1
CRITICAL Act Now

Auth. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection WordPress RCE +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Auth. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal WordPress Easy Wp Smtp
NVD
EPSS 1% CVSS 8.7
HIGH This Week

Auth. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal WordPress Easy Wp Smtp
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

The Easy WP SMTP WordPress plugin before 1.5.0 unserialises the content of an imported file, which could lead to PHP object injection issue when an admin import (intentionally or not) a malicious. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization WordPress PHP +1
NVD WPScan
EPSS 65% CVSS 7.5
HIGH POC THREAT This Week

The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Easy Wp Smtp
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

XSS exists in Easy WP SMTP (before 1.2.5), a WordPress Plugin, via the e-mail subject or body. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Easy Wp Smtp
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy