PT-2024-23604 · Sendlayer · Easy Wp Smtp

Andy Gilbert +1 · Published 2024-06-13 · Updated 2024-07-15 · CVE-2024-3073

CVSS v3.1: 2.7 Low

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin versions prior to 2.3.1

Description

The plugin is vulnerable to information exposure because the SMTP password is provided in the SMTP Password field when the settings are viewed. This allows authenticated attackers with administrative-level access and above to view the SMTP password for the supplied server. Although this information may not be useful to attackers in most cases, it could be valuable if an administrator account becomes compromised in a limited environment.

Recommendations

For versions prior to 2.3.1, update to version 2.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the SMTP Password field to minimize the risk of exploitation.
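To verify the behaviour in the Description on a saved copy of a settings page, the following added example (not code from the plugin or from this advisory) flags password inputs whose `value` attribute carries real data. The field name, sample secret and mask characters are constructed assumptions, not the plugin's actual markup.

```python
from html.parser import HTMLParser

# Characters treated as a display mask rather than a secret (assumption).
MASK_CHARS = set("*•●")

# Constructed sample data: the field name and secret are illustrative only.
SAMPLE_SECRET = "constructed-secret"
PAGE_EXPOSED = (
    '<form><input type="text" name="example_smtp_host" value="mail.example.test">'
    f'<input type="password" name="example_smtp_password" value="{SAMPLE_SECRET}" />'
    "</form>"
)
PAGE_MASKED = (
    '<form><input type="password" name="example_smtp_password" value="********">'
    '<input type="password" name="example_other" value="" placeholder="Saved"></form>'
)


class PasswordFieldAuditor(HTMLParser):
    """Collects <input type="password"> elements that echo a stored secret."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        attr = {name: (value or "") for name, value in attrs}
        if attr.get("type", "").lower() != "password":
            return
        value = attr.get("value", "")
        # An empty value or a pure mask string discloses nothing.
        if value and not set(value) <= MASK_CHARS:
            # Record only the field name and length, never the secret itself.
            self.findings.append({"name": attr.get("name", ""), "length": len(value)})


def audit_settings_html(html):
    """Return the password fields in `html` that are pre-filled with real data."""
    auditor = PasswordFieldAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


if __name__ == "__main__":
    print("exposed page:", audit_settings_html(PAGE_EXPOSED))
    print("masked page: ", audit_settings_html(PAGE_MASKED))
```

An empty result on the page served after updating to 2.3.1 or later is the expected outcome of the fix described above.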

Fix

Weakness Enumeration

Related Identifiers

CVE-2024-3073

Affected Products

Easy Wp Smtp