How severe is CVE-2024-6694?

This vulnerability has a severity rating of LOW with a CVSS score of 2.7 out of 10.

What type of vulnerability is CVE-2024-6694?

This is classified as CWE-257, which is a common weakness in software security.

CVE-2024-6694 - LOW Severity | CVSS 2.7

Vulnerability Description

The WP Mail SMTP plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 4.0.1. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible for authenticated attackers, with administrative-level access and above, to view the SMTP password for the supplied server. Although this would not be useful for attackers in most cases, if an administrator account becomes compromised this could be useful information to an attacker in a limited environment.

Related Vulnerabilities

CVE-2024-45744

LOW

CVSS:3.0(Low)

TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properites and obtain the secret to decrypt external passwords sto...

CWE-2572024

CVE-2019-5615

LOW

CVSS:3.1(Low)

Users with Site-level permissions can access files containing the username-encrypted passwords of Security Console Global Administrators and clear-text passwords for restoring backups, as well as the ...

CWE-2572019

CVE-2024-32122

LOW

CVSS:2.3(Low)

A storing passwords in a recoverable format in Fortinet FortiOS versions 7.2.0 through 7.2.1 allows attacker to information disclosure via modification of LDAP server IP to point to a malicious server...

CWE-2572024

CVE-2025-25983

LOW

CVSS:3.4(Low)

An issue in Macro-video Technologies Co.,Ltd V380 Pro android application 2.1.44 and V380 Pro android application 2.1.64 allows an attacker to obtain sensitive information via the QE code based sharin...

CWE-2572025

CVE-2019-18256

MEDIUM

CVSS:4.6(Medium)

BIOTRONIK CardioMessenger II, The affected products use individual per-device credentials that are stored in a recoverable format. An attacker with physical access to the CardioMessenger can use these...

CWE-2572019

CVE-2022-46142

MEDIUM

CVSS:4.6(Medium)

Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrieve the file and decrypt the CLI user passwords.

CWE-2572022