{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-0957", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-01-31T20:34:34.838Z", "datePublished": "2025-02-22T13:45:13.163Z", "dateUpdated": "2026-04-08T17:33:30.026Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:33:30.026Z"}, "affected": [{"vendor": "yaycommerce", "product": "SMTP for Amazon SES \u2013 YaySMTP", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.8", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The SMTP for Amazon SES \u2013 YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "Vulnerability: SMTP for Amazon SES <= 1.8 - Unauthenticated Stored Cross-Site Scripting via Email Logs", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f6424fc9-f118-4654-89a7-1f7e6efa2c02?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/smtp-amazon-ses/trunk/includes/Functions.php"}, {"url": "https://wordpress.org/plugins/smtp-amazon-ses/#developers"}, {"url": "https://plugins.trac.wordpress.org/browser/smtp-amazon-ses/trunk/includes/Helper/Utils.php"}, {"url": "https://plugins.trac.wordpress.org/changeset/3270161/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "baseScore": 7.2, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Cristian Bejan"}], "timeline": [{"time": "2025-01-31T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2025-01-31T00:00:00.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-02-22T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-24T12:47:57.999197Z", "id": "CVE-2025-0957", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-24T12:48:08.070Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0957", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-24T12:47:57.999197Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-24T12:48:04.430Z"}}], "cna": {"title": "Vulnerability: SMTP for Amazon SES <= 1.8 - Unauthenticated Stored Cross-Site Scripting via Email Logs", "credits": [{"lang": "en", "type": "finder", "value": "Cristian Bejan"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "yaycommerce", "product": "SMTP for Amazon SES \u2013 YaySMTP", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.8"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-01-31T00:00:00.000Z", "value": "Discovered"}, {"lang": "en", "time": "2025-01-31T00:00:00.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-02-22T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f6424fc9-f118-4654-89a7-1f7e6efa2c02?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/smtp-amazon-ses/trunk/includes/Functions.php"}, {"url": "https://wordpress.org/plugins/smtp-amazon-ses/#developers"}, {"url": "https://plugins.trac.wordpress.org/browser/smtp-amazon-ses/trunk/includes/Helper/Utils.php"}, {"url": "https://plugins.trac.wordpress.org/changeset/3270161/"}], "descriptions": [{"lang": "en", "value": "The SMTP for Amazon SES \u2013 YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:33:30.026Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0957", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:33:30.026Z", "dateReserved": "2025-01-31T20:34:34.838Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-02-22T13:45:13.163Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The SMTP for Amazon SES \u2013 YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}, {"lang": "es", "value": "El complemento SMTP para Amazon SES \u2013 YaySMTP para WordPress es vulnerable a Cross-Site Scripting almacenado en versiones hasta la 1.7.1 incluida debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida. Esto permite que atacantes no autenticados inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."}], "id": "CVE-2025-0957", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-02-22T14:15:29.710", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/smtp-amazon-ses/trunk/includes/Functions.php"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/smtp-amazon-ses/trunk/includes/Helper/Utils.php"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3270161/"}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/smtp-amazon-ses/#developers"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f6424fc9-f118-4654-89a7-1f7e6efa2c02?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T02:06:13.548539+00:00", "value": {"mitigation_remediation": ["Update the SMTP for Amazon SES \u2013 YaySMTP plugin to version 1.8 or later, which includes input sanitization and output escaping.", "If an update is not possible, disable the plugin\u2019s email\u2011logging feature to prevent the vulnerability from being triggered.", "Restrict access to the email\u2011logging page and implement a Web Application Firewall rule to filter out common XSS payloads."], "summary": {"action": "Patch Immediately", "impact": "Stored Cross\u2011Site Scripting on user browsers"}, "threat_synthesis": {"affected_systems": "WordPress sites that have the YaySMTP plugin version 1.7.1 or earlier installed are affected. The vulnerability is specific to the plugin\u2019s email\u2011logging feature and does not impact WordPress core or other plugins.", "description_and_impact": "The SMTP for Amazon SES \u2013 YaySMTP plugin for WordPress contains a stored cross\u2011site scripting flaw that allows an attacker to inject JavaScript into email\u2011logging pages. The vulnerable code stores unsanitized input and later displays it without proper escaping, giving the attacker the ability to run arbitrary client\u2011side scripts whenever a user views the affected page. The flaw grants the attacker the same level of compromised user session as a typical XSS, with potential to steal cookies, perform phishing, or hijack user actions on the site.", "risk_and_exploitability": "The CVSS score of 7.2 indicates a high level of severity. The EPSS score of less than 1% suggests that exploitation is unlikely but still possible. The flaw is not yet listed in the CISA KEV catalog. Attackers would need to send crafted emails that are logged by the plugin and then trigger the log page for an authenticated user to suffer XSS. Because the vulnerability is unauthenticated, any user who can access the email\u2011log page could be targeted."}}}}, "created": "2026-04-22T02:15:05.411441+00:00", "updated": "2026-04-22T02:15:05.411452+00:00", "vendors": []}