9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9. This is due to missing capability checks on the admin_init() function, in addition to insufficient input validation. This makes it possible for unauthenticated attackers to modify the plugin's settings and arbitrary options on the site, which can be used to inject new administrative user accounts.
Affected (1)
Products: Wp Ecommerce: Easy Wp Smtp
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Wp Ecommerce: Easy Wp Smtp | Up to 1.3.9 |
References (8)
Source: security@wordfence.com
Exploit
Source: security@wordfence.com
Patch
Source: security@wordfence.com
Exploit, Issue Tracking, Mitigation
Source: security@wordfence.com
Broken Link, Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit, Issue Tracking, Mitigation
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link, Third Party Advisory