Cbejan

**Name of the Vulnerable Software and Affected Versions** The SMTP for SendGrid – YaySMTP plugin for WordPress versions up to, and including, 1.3.1 **Description** The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 1.3.1, update to a version that addresses the insufficient input sanitization and output escaping issue to prevent Stored Cross-Site Scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sendinblue – YaySMTP plugin for WordPress versions up to, and including, 1.1.1 **Description** The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For Sendinblue – YaySMTP plugin for WordPress versions up to, and including, 1.1.1, update to a version that addresses the insufficient input sanitization and output escaping issue to prevent Stored Cross-Site Scripting attacks.

**Name of the Vulnerable Software and Affected Versions** SMTP for Amazon SES – YaySMTP plugin for WordPress versions up to, and including, 1.7.1 **Description** The SMTP for Amazon SES – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 1.7.1, update to a version higher than 1.7.1 to resolve the issue. As a temporary workaround, consider restricting access to the email logs feature to minimize the risk of exploitation. Avoid using the plugin until the issue is resolved.