CVE-2024-6694

20 Jul 2024

Título es

CVE-2024-6694

Sáb, 20/07/2024 – 04:15

Tipo

CWE-257

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-6694

Descripción en

The WP Mail SMTP plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 4.0.1. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible for authenticated attackers, with administrative-level access and above, to view the SMTP password for the supplied server. Although this would not be useful for attackers in most cases, if an administrator account becomes compromised this could be useful information to an attacker in a limited environment.

20/07/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

2.70

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

LOW

Referencias

https://plugins.trac.wordpress.org/changeset/3120454/wp-mail-smtp/trunk/src/Providers/OptionsAbstract.php

https://www.wordfence.com/threat-intel/vulnerabilities/id/2d4e9daf-d414-4ace-9efd-4c3e16deeb8f?source=cve

Enviar en el boletín

Off

CVE-2024-6694

CVE-2024-6694

Jose Alexis Correa Valencia