{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-48301", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-05-19T14:13:45.512Z", "datePublished": "2025-07-16T10:36:53.201Z", "dateUpdated": "2025-07-16T20:11:16.005Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2025-07-16T10:36:53.201Z"}, "title": "WordPress SMTP for SendGrid \u2013 YaySMTP plugin <= 1.5 - SQL Injection Vulnerability", "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "affected": [{"vendor": "YayCommerce", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "smtp-sendgrid", "product": "SMTP for SendGrid \u2013 YaySMTP", "versions": [{"lessThanOrEqual": "1.5", "status": "affected", "version": "n/a", "versionType": "custom", "changes": [{"at": "1.5.1", "status": "unaffected"}]}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce SMTP for SendGrid \u2013 YaySMTP allows SQL Injection. This issue affects SMTP for SendGrid \u2013 YaySMTP: from n/a through 1.5.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce SMTP for SendGrid \u2013 YaySMTP allows SQL Injection.</p><p>This issue affects SMTP for SendGrid \u2013 YaySMTP: from n/a through 1.5.</p>"}]}], "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/wordpress/plugin/smtp-sendgrid/vulnerability/wordpress-smtp-for-sendgrid-yaysmtp-plugin-1-5-sql-injection-vulnerability?_s_id=cve"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"baseScore": 7.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", "baseSeverity": "HIGH", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "version": "3.1"}}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update the WordPress SMTP for SendGrid \u2013 YaySMTP plugin to the latest available version (at least 1.5.1)."}], "value": "Update the WordPress SMTP for SendGrid \u2013 YaySMTP plugin to the latest available version (at least 1.5.1)."}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "L\u00ea Qu\u1ed1c B\u1ea3o (Patchstack Alliance)"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-16T20:11:07.561308Z", "id": "CVE-2025-48301", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-16T20:11:16.005Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-48301", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-16T20:11:07.561308Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-16T20:11:13.008Z"}}], "cna": {"title": "WordPress SMTP for SendGrid \u2013 YaySMTP plugin <= 1.5 - SQL Injection Vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "L\u00ea Qu\u1ed1c B\u1ea3o (Patchstack Alliance)"}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "YayCommerce", "product": "SMTP for SendGrid \u2013 YaySMTP", "versions": [{"status": "affected", "changes": [{"at": "1.5.1", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "1.5"}], "packageName": "smtp-sendgrid", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update the WordPress SMTP for SendGrid \u2013 YaySMTP plugin to the latest available version (at least 1.5.1).", "supportingMedia": [{"type": "text/html", "value": "Update the WordPress SMTP for SendGrid \u2013 YaySMTP plugin to the latest available version (at least 1.5.1).", "base64": false}]}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/smtp-sendgrid/vulnerability/wordpress-smtp-for-sendgrid-yaysmtp-plugin-1-5-sql-injection-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce SMTP for SendGrid \u2013 YaySMTP allows SQL Injection. This issue affects SMTP for SendGrid \u2013 YaySMTP: from n/a through 1.5.", "supportingMedia": [{"type": "text/html", "value": "<p>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce SMTP for SendGrid \u2013 YaySMTP allows SQL Injection.</p><p>This issue affects SMTP for SendGrid \u2013 YaySMTP: from n/a through 1.5.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2025-07-16T10:36:53.201Z"}}}, "cveMetadata": {"cveId": "CVE-2025-48301", "state": "PUBLISHED", "dateUpdated": "2025-07-16T20:11:16.005Z", "dateReserved": "2025-05-19T14:13:45.512Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2025-07-16T10:36:53.201Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce SMTP for SendGrid \u2013 YaySMTP allows SQL Injection. This issue affects SMTP for SendGrid \u2013 YaySMTP: from n/a through 1.5."}], "id": "CVE-2025-48301", "lastModified": "2025-07-16T14:58:59.837", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 4.7, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-07-16T11:15:25.973", "references": [{"source": "[email protected]", "url": "https://patchstack.com/database/wordpress/plugin/smtp-sendgrid/vulnerability/wordpress-smtp-for-sendgrid-yaysmtp-plugin-1-5-sql-injection-vulnerability?_s_id=cve"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "[email protected]", "type": "Primary"}]}

{}