WordPress SMTP for SendGrid

7.6 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce SMTP for SendGrid – YaySMTP allows SQL Injection. This issue affects SMTP for SendGrid – YaySMTP: from n/a through 1.5.

Basic Information

ID CVE-2025-48301

Source Patchstack

Published Jul 16, 2025 at 10:36

Modified Jul 16, 2025 at 20:11

Affected Product

Vendor YayCommerce

Product SMTP for SendGrid – YaySMTP

Version n/a

Affected Versions YayCommerce SMTP for SendGrid – YaySMTP n/a

CWE Classification

CWE-89

References

patchstack.com /database/wordpress/plugin/smtp-sendgrid/vulnerability/wordpress-smtp-for-sendgrid-yaysmtp-plugin-1-5-sql-injection-vulnerability

{
    "lastseen": "",
    "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce SMTP for SendGrid \u2013 YaySMTP allows SQL Injection. This issue affects SMTP for SendGrid \u2013 YaySMTP: from n/a through 1.5.",
    "published": "2025-07-16T10:36:53.201Z",
    "modified": "2025-07-16T20:11:16.005Z",
    "type": "cve",
    "title": "WordPress SMTP for SendGrid \u2013 YaySMTP plugin <= 1.5 - SQL Injection Vulnerability",
    "source": "Patchstack",
    "references": "https://patchstack.com/database/wordpress/plugin/smtp-sendgrid/vulnerability/wordpress-smtp-for-sendgrid-yaysmtp-plugin-1-5-sql-injection-vulnerability?_s_id=cve",
    "id": "CVE-2025-48301",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "YayCommerce SMTP for SendGrid \u2013 YaySMTP n/a",
    "sourceHref": "",
    "cvss": {
        "score": 7.6,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SMTP for SendGrid \u2013 YaySMTP",
    "version": "n/a",
    "vendor": "YayCommerce",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

WordPress SMTP for SendGrid – YaySMTP plugin <= 1.5 - SQL Injection Vulnerability_CVE-2025-48301