CVE-2022-2352: 
WordPress vulnerability analysis and mitigation

The Post SMTP Mailer/Email Log WordPress plugin before version 2.1.7 contains a security vulnerability identified as CVE-2022-2352. The vulnerability was discovered by Raad Haddad of Cloudyrion GmbH and was publicly disclosed on September 5, 2022. This security issue affects the plugin's AJAX actions implementation, specifically impacting WordPress multisite installations (WPScan).

The vulnerability is classified as a Server-Side Request Forgery (SSRF) with a CVSS score of 2.7 (low severity). It is categorized under OWASP Top 10 A1: Injection and CWE-918. The issue stems from improper authorization in certain AJAX actions within the plugin, specifically affecting the port testing functionality (WPScan).

When exploited, this vulnerability could allow high-privilege users, such as administrators, to perform blind SSRF attacks on multisite installations. This could potentially lead to unauthorized server interactions and internal network scanning (NVD, WPScan).

The vulnerability has been fixed in version 2.1.7 of the Post SMTP plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan).