Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Dismissed
Permalink CVE-2025-62762
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
updated 2 months, 1 week ago by @SigmaSquadron Activity log
  • Created automatic suggestion 2 months, 1 week ago
  • @SigmaSquadron removed package haskellPackages.smtp-mail 2 months, 1 week ago
  • @SigmaSquadron removed maintainer @mpscholten 2 months, 1 week ago
  • @SigmaSquadron accepted 2 months, 1 week ago
  • @SigmaSquadron dismissed 2 months, 1 week ago
WordPress SMTP Mail plugin <= 1.3.47 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in photoboxone SMTP Mail smtp-mail allows Cross Site Request Forgery.This issue affects SMTP Mail: from n/a through <= 1.3.47.

References

Affected products

smtp-mail
  • =<<= 1.3.47 
This is actually related to wordpressPackages.plugins.wp-mail-smtp, which has no maintainers, and it seems that the version in Nixpkgs is unaffected.