CVE-2022-2371

Name of the Vulnerable Software and Affected Versions YaySMTP WordPress plugin versions prior to 2.2.1

Description The issue concerns a lack of proper authorization when saving settings, allowing users with a low role, such as a subscriber, to modify them. This can be exploited to conduct a Stored Cross-Site Scripting attack due to insufficient escaping in the settings.

Recommendations For YaySMTP WordPress plugin versions prior to 2.2.1, update to version 2.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the settings page to prevent unauthorized changes until the update can be applied.