What the vulnerability does
01Description
Insertion of Sensitive Information Into Sent Data vulnerability in inkthemes WP Gmail SMTP wp-gmail-smtp allows Retrieve Embedded Sensitive Data.This issue affects WP Gmail SMTP: from n/a through <= 1.0.7.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
What the vulnerability does
Insertion of Sensitive Information Into Sent Data vulnerability in inkthemes WP Gmail SMTP wp-gmail-smtp allows Retrieve Embedded Sensitive Data.This issue affects WP Gmail SMTP: from n/a through <= 1.0.7.
Explanation of Vulnerability in Simple Terms
WP Gmail SMTP versions 1.0.7 and earlier expose sensitive information that can be accessed over the network without authentication. An attacker can retrieve partial data from the plugin, though the exact nature of the exposed information is unclear due to incomplete vulnerability classification. Update to a version newer than 1.0.7 to resolve this issue.
What an attacker can do
Access sensitive information from the plugin without logging in.
Potential impact on your site
Sensitive data may be exposed to unauthenticated attackers, potentially compromising email configuration or other plugin settings.
Conditions required to exploit
Network access to the WordPress site; no authentication or user interaction required.
Key dates
External resources