Vulnerabilities (CVE)

Filtered by vendor Wp-ecommerce Subscribe

Filtered by product Easy Wp Smtp

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-35234	1 Wp-ecommerce	1 Easy Wp Smtp	2020-12-15	5.0 MEDIUM	7.5 HIGH
The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker can list the wp-content/plugins/easy-wp-smtp/ directory, then they can discover a log file (such as #############_debug_log.txt) that contains all password-reset links. The attacker can request a reset of the Administrator password and then use a link found there.
CVE-2017-7723	1 Wp-ecommerce	1 Easy Wp Smtp	2017-06-01	4.3 MEDIUM	6.1 MEDIUM
XSS exists in Easy WP SMTP (before 1.2.5), a WordPress Plugin, via the e-mail subject or body.