The SMTP for Amazon SES – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
No data.
References
History
Wed, 08 Apr 2026 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Wed, 08 Apr 2026 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Vulnerability: SMTP for Amazon SES <= 1.7.1 - Unauthenticated Stored Cross-Site Scripting via Email Logs | Vulnerability: SMTP for Amazon SES <= 1.8 - Unauthenticated Stored Cross-Site Scripting via Email Logs |
| References |
|
Mon, 24 Feb 2025 13:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Sat, 22 Feb 2025 14:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The SMTP for Amazon SES – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |
| Title | Vulnerability: SMTP for Amazon SES <= 1.7.1 - Unauthenticated Stored Cross-Site Scripting via Email Logs | |
| Weaknesses | CWE-79 | |
| References |
|
|
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2026-04-08T17:33:30.026Z
Reserved: 2025-01-31T20:34:34.838Z
Link: CVE-2025-0957
Vulnrichment
Updated: 2025-02-24T12:48:04.430Z
NVD
Status : Awaiting Analysis
Published: 2025-02-22T14:15:29.710
Modified: 2026-04-08T19:22:51.843
Link: CVE-2025-0957
Redhat
No data.
OpenCVE Enrichment
No data.