Stored Cross-Site Scripting Vulnerability in YaySMTP Plugin for WordPress
CVE-2025-3434

7.2HIGH

Key Information:

Vendor: WordPress
Status: Smtp For Amazon Ses – Yaysmtp
Vendor: CVE Published:; 11 April 2025

What is CVE-2025-3434?

The YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) attacks due to inadequate input sanitization and output escaping in the Email Logs feature. This vulnerability allows unauthenticated attackers to inject arbitrary scripts into pages, compromising user interactions whenever affected pages are accessed. It is crucial for users of YaySMTP to ensure they update to the latest version to mitigate this risk.

Affected Version(s)

SMTP for Amazon SES – YaySMTP * <= 1.8

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://wordpress.org/plugins/smtp-amazon-ses/

https://plugins.trac.wordpress.org/browser/smtp-amazon-se...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2025
Vulnerability Reserved
Apr 7, 2025

Credit

D.Sim