The WordPress Easy WP SMTP Plugin installed on the remote host is affected by multiple vulnerabilities as follows:

- A Path Traversal Vulnerability (CVE-2022-45833).

- A Remote Code Execution vulnerability in the auth component (CVE-2022-42699).

- A Path Traversal Vulnerability (CVE-2022-45829).

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

The WordPressEasy WP SMTP Plugin installed on the remote host is affected by a Sensitive Information Disclosure.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

The WordPress Easy WP SMTP Plugin installed on the remote host is affected by an Insecure Deserialization.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

The Easy WP SMTP Plugin for WordPress running on the remote web server is < 1.4.4. It is, therefore, affected by an unauthenticated information disclosure vulnerability.

The WordPress Easy WP SMTP Plugin installed on the remote host is affected by a debug log file disclosure that could allow an unauthenticated user to reset the admin password.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5837 advisory.

    - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (Tomas Bortoli)  [Orabug: 31351221]     {CVE-2019-19535}
    - media: hdpvr: Fix an error handling path in hdpvr_probe() (Arvind Yadav)  [Orabug: 31352053]     {CVE-2017-16644}
    - fix kABI breakage from 'netns: provide pure entropy for net_hash_mix()' (Dan Duval)  [Orabug: 31351904]     {CVE-2019-10638} {CVE-2019-10639}
    - netns: provide pure entropy for net_hash_mix() (Eric Dumazet)  [Orabug: 31351904]  {CVE-2019-10638}     {CVE-2019-10639}
    - fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() (Alexander Potapenko)  [Orabug:
    31350639]  {CVE-2020-10732}
    - crypto: user - fix memory leak in crypto_report (Navid Emamdoost)  [Orabug: 31351640]  {CVE-2019-19062}
    - of: unittest: fix memory leak in unittest_data_add (Navid Emamdoost)  [Orabug: 31351702]     {CVE-2019-19049}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The WordPress Easy WP SMTP Plugin installed on the remote host is affected by an object injection vulnerability due to a failure to properly sanitize user-supplied input to the 'swpsmtp_import_settings_file' parameter of the 'wp-admin/admin-ajax.php' script. An unauthenticated, remote attacker can leverage this issue to escalate privileges and execute arbitrary code on the affected host.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

The Easy WP SMTP Plugin for WordPress running on the remote web server is version 1.3.9. It is, therefore, affected by an unauthenticated remote code execution vulnerability.

The WordPress application running on the remote host has plugins installed.

ID	Name	Product	Family	Published	Updated	Severity
114014	Easy WP SMTP Plugin for WordPress < 1.5.2 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	9/13/2023	9/20/2023	high
113487	Easy WP SMTP Plugin for WordPress < 1.4.4 Sensitive Information Disclosure	Web App Scanning	Component Vulnerability	12/27/2022	3/14/2023	high
113486	Easy WP SMTP Plugin for WordPress < 1.5.0 Insecure Deserialization	Web App Scanning	Component Vulnerability	12/27/2022	3/14/2023	high
151189	Easy WP SMTP Plugin for WordPress < 1.4.4 Sensitive Information Disclosure	Nessus	CGI abuses	6/30/2021	7/14/2025	high
112672	Easy WP SMTP Plugin for WordPress < 1.4.3 Debug Log Disclosure	Web App Scanning	Component Vulnerability	12/18/2020	3/14/2023	high
140208	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5837)	Nessus	Oracle Linux Local Security Checks	9/4/2020	10/22/2024	high
98529	Easy WP SMTP Plugin for WordPress 1.3.9 Remote Code Execution	Web App Scanning	Component Vulnerability	4/8/2019	3/14/2023	critical
123004	Easy WP SMTP Plugin for WordPress 1.3.9 Unauthenticated Remote Code Execution	Nessus	CGI abuses	3/22/2019	5/14/2025	critical
101842	WordPress Plugin Detection	Nessus	CGI abuses	7/20/2017	7/14/2025	info

Detections

Analytics

Plugins Search

high

high

high

high

high

high

critical

critical

info