Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total10
Critical0
High6
Medium4
Reset
Showing 1-10 of 10 records
Threat Entry Updated 2025-04-11

CVE-2025-3434 - Yaysmtp Plugin

The SMTP for Amazon SES – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Email Logs in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Yaysmtp

CVE-2025-3434

HIGH CVSS 7.2 2025-04-11
Open Full Technical Breakdown
Threat Entry Updated 2025-02-22

CVE-2025-0957 - Yaysmtp Plugin

The SMTP for Amazon SES – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Yaysmtp

CVE-2025-0957

HIGH CVSS 7.2 2025-02-22
Open Full Technical Breakdown
Threat Entry Updated 2025-03-05

CVE-2025-0953 - Yaysmtp Plugin

The SMTP for Sendinblue – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Yaysmtp

CVE-2025-0953

HIGH CVSS 7.2 2025-02-22
Open Full Technical Breakdown
Threat Entry Updated 2025-03-05

CVE-2025-0918 - Yaysmtp Plugin

The SMTP for SendGrid – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Yaysmtp

CVE-2025-0918

HIGH CVSS 7.2 2025-02-22
Open Full Technical Breakdown
Threat Entry Updated 2025-02-25

CVE-2025-0916 - Yaysmtp Plugin

The YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions 2.4.9 to 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: The vulnerability has been initially patched in version 2.4.8 and was reintroduced in version 2.4.9 with the removal of the wp_kses_post() built-in WordPress sanitization function.

PLUGIN Yaysmtp

CVE-2025-0916

HIGH CVSS 7.2 2025-02-19
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-3093 - Yaysmtp Plugin

The YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Yaysmtp

CVE-2023-3093

HIGH CVSS 7.2 2023-07-12
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2022-2372 - Yaysmtp Plugin

The YaySMTP WordPress plugin before 2.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Yaysmtp

CVE-2022-2372

MEDIUM CVSS 4.8 2022-08-08
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2022-2371 - Yaysmtp Plugin

The YaySMTP WordPress plugin before 2.2.1 does not have proper authorisation when saving its settings, allowing users with a role as low as subscriber to change them, and use that to conduct Stored Cross-Site Scripting attack due to the lack of escaping in them as well.

PLUGIN Yaysmtp

CVE-2022-2371

MEDIUM CVSS 5.4 2022-08-08
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2022-2370 - Yaysmtp Plugin

The YaySMTP WordPress plugin before 2.2.1 does not have capability check before displaying the Mailer Credentials in JS code for the settings, allowing any authenticated users, such as subscriber to retrieve them

PLUGIN Yaysmtp

CVE-2022-2370

MEDIUM CVSS 6.5 2022-08-01
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2022-2369 - Yaysmtp Plugin

The YaySMTP WordPress plugin before 2.2.1 does not have capability check in an AJAX action, allowing any logged in users, such as subscriber to view the Logs of the plugin

PLUGIN Yaysmtp

CVE-2022-2369

MEDIUM CVSS 4.3 2022-08-01
Open Full Technical Breakdown
Scroll to top