
0Xshdax

#26564 of 53,634
9.7 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2022-16220
5.4
2022-08-08
WordPress · Yaysmtp · CVE-2022-2371
**Name of the Vulnerable Software and Affected Versions**
YaySMTP WordPress plugin versions prior to 2.2.1

**Description**
The issue concerns a lack of proper authorization when saving settings, allowing users with a low role, such as a subscriber, to modify them. This can be exploited to conduct a Stored Cross-Site Scripting attack due to insufficient escaping in the settings.

**Recommendations**
For YaySMTP WordPress plugin versions prior to 2.2.1, update to version 2.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the settings page to prevent unauthorized changes until the update can be applied.

PT-2022-16200
4.3
2022-08-01
WordPress · Yaysmtp · CVE-2022-2369
**Name of the Vulnerable Software and Affected Versions**
YaySMTP WordPress plugin versions prior to 2.2.1

**Description**
The issue allows any logged-in user, such as a subscriber, to view the plugin's logs due to a lack of a capability check in an AJAX action.

**Recommendations**
For YaySMTP WordPress plugin versions prior to 2.2.1, update to version 2.2.1 or later to resolve the issue.