cleantalk
Vulnerabilities and Security Researches

YaySMTP – Simple WP SMTP Mail, CVE-2022-2371

CVE, Research URL

CVE-2022-2371

Home page URL

Security reports for YaySMTP – Simple WP SMTP Mail

Application

YaySMTP – Simple WP SMTP Mail

Published on
Aug 08, 2022
Research Description
The YaySMTP WordPress plugin before 2.2.1 does not have proper authorisation when saving its settings, allowing users with a role as low as subscriber to change them, and use that to conduct Stored Cross-Site Scripting attack due to the lack of escaping in them as well.
Affected versions
Min -, max 2.2.1.
Status
vulnerable
Previous vulnerability researches
YaySMTP – Simple WP SMTP Mail (CVE-2025-47587) , May 09, 2025
YaySMTP – Simple WP SMTP Mail (CVE-2025-0916) , Feb 20, 2025
YaySMTP – Simple WP SMTP Mail (CVE-2023-3093) , Jun 07, 2024
YaySMTP – Simple WP SMTP Mail (CVE-2022-2371) , Jun 07, 2024
YaySMTP – Simple WP SMTP Mail (CVE-2022-2372) , Jun 07, 2024
New vulnerability
Drag and Drop Multiple File Upload for WooCommerce (CVE-2025-4403) , May 11, 2025
Contact Us By Lord Linus (CVE-2025-1382) , May 11, 2025
Contact Form by WPForms – Drag & Drop Form Builder for WordPress (CVE-2025-3794) , May 10, 2025
Jeg Elementor Kit (CVE-2025-2944) , May 10, 2025
1 Click WordPress Migration Plugin – 100% FREE for a limited time (CVE-2025-3455) , May 10, 2025