{"containers": {"cna": {"affected": [{"product": "Post SMTP Mailer/Email Log", "vendor": "Unknown", "versions": [{"lessThan": "2.1.7", "status": "affected", "version": "2.1.7", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Raad Haddad of Cloudyrion GmbH"}], "descriptions": [{"lang": "en", "value": "The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to perform blind SSRF on multisite installations for example."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-26T12:35:32", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/dc99ac40-646a-4f8e-b2b9-dc55d6d4c55c"}], "source": {"discovery": "EXTERNAL"}, "title": "Post SMTP < 2.1.7 - Admin+ Blind SSRF", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2022-2352", "STATE": "PUBLIC", "TITLE": "Post SMTP < 2.1.7 - Admin+ Blind SSRF"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Post SMTP Mailer/Email Log", "version": {"version_data": [{"version_affected": "<", "version_name": "2.1.7", "version_value": "2.1.7"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Raad Haddad of Cloudyrion GmbH"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to perform blind SSRF on multisite installations for example."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-918 Server-Side Request Forgery (SSRF)"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/dc99ac40-646a-4f8e-b2b9-dc55d6d4c55c", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/dc99ac40-646a-4f8e-b2b9-dc55d6d4c55c"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:32:09.763Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpscan.com/vulnerability/dc99ac40-646a-4f8e-b2b9-dc55d6d4c55c"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2022-2352", "datePublished": "2022-09-26T12:35:32", "dateReserved": "2022-07-08T00:00:00", "dateUpdated": "2024-08-03T00:32:09.763Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wpexperts:post_smtp:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "3CFFBF6B-AF8B-4134-8621-7A27E655F6F8", "versionEndExcluding": "2.1.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to perform blind SSRF on multisite installations for example."}, {"lang": "es", "value": "El plugin Post SMTP Mailer/Email Log de WordPress versiones anteriores a 2.1.7, no presenta la autorizaci\u00f3n adecuada en algunas acciones AJAX, lo que podr\u00eda permitir a usuarios con altos privilegios, como los administradores, llevar a cabo SSRF ciegos en instalaciones multisitio, por ejemplo.\n"}], "id": "CVE-2022-2352", "lastModified": "2022-10-05T16:51:01.267", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-26T13:15:10.320", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/dc99ac40-646a-4f8e-b2b9-dc55d6d4c55c"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "contact@wpscan.com", "type": "Primary"}]}

{}