WordPress SMTP Plugin Vulnerable to SQL Injection
CVE-2024-5207

7.2HIGH

Key Information:

Vendor: Wordpress
Status: Post Smtp – The WordPress Smtp Plugin With Email Logs And Mobile App For Email Failure Notifications
Vendor: CVE Published:; 30 May 2024

What is CVE-2024-5207?

The POST SMTP Plugin for WordPress is susceptible to a time-based SQL Injection vulnerability. This issue arises from insufficient escaping of user-supplied parameters and inadequate query preparation in versions prior to 2.9.3. As a result, authenticated users with administrative permissions may exploit this flaw to insert harmful SQL queries into existing commands, potentially allowing them to extract sensitive information from the database. Proper security measures and updates are critical to safeguard against this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Post SMTP – The WordPress SMTP Plugin with Email Logs and Mobile App for Email Failure Notifications * <= 2.9.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/post-smtp/trun...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 30, 2024
Vulnerability Reserved
May 22, 2024

Credit

ngocanh le

JSON

Wordpress

What is CVE-2024-5207?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.