
Improper Access Control Vulnerability in Easy WP SMTP Plugin for WordPress

 

Systems Affected


WordPress Easy WP SMTP plugin versions 1.4.2 and below

Threat Level


High


Overview


An improper access control vulnerability was identified in the WordPress Easy WP SMTP plugin, which could allow an unauthorized user to reset the administrator password, among other security-related issues.


Description


This vulnerability exists due to improper access restrictions. An attacker could access the debug log and use the password reset link to reset the administrator password.
Successful exploitation of this vulnerability allows the attacker to take control of the website and run restricted commands.


Impact


  ✻  Exposing sensitive information to unauthorized parties
  ✻  Unauthorized access to the website
  ✻  Denial of access to the website


Solution/Workarounds


  ✻  Update to a version higher than version 1.4.2
   https://wordpress.org/plugins/easy-wp-smtp/
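
To confirm which sites still need the update, the following added example (not part of the original advisory or the plugin's own code) walks a web root, reads the `Version:` header of each Easy WP SMTP copy, and flags versions 1.4.2 and below. The `easy-wp-smtp` directory name comes from the URL above; the sample header and the debug-log file name pattern are assumptions constructed for illustration.

```python
import re
import sys
from pathlib import Path

LAST_AFFECTED = (1, 4, 2)     # advisory: versions 1.4.2 and below are affected
PLUGIN_SLUG = "easy-wp-smtp"  # directory name, taken from the wordpress.org URL
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)", re.I | re.M)
# Assumption: debug logs are recognisable by name; adjust to your installation.
LOG_NAME_RE = re.compile(r"debug|_log|\.log$", re.I)
# Constructed sample of a WordPress plugin header, used only for illustration.
SAMPLE_HEADER = "<?php\n/*\nPlugin Name: Easy WP SMTP\nVersion: 1.4.2\n*/\n"


def parse_version(text):
    """Return the header version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def is_affected(version):
    """True for versions <= 1.4.2 (1.4 is compared as 1.4.0)."""
    padded = tuple(version) + (0,) * (len(LAST_AFFECTED) - len(version))
    return padded <= LAST_AFFECTED


def scan(root):
    """Report every copy of the plugin found under root."""
    findings = []
    for plugin_dir in Path(root).rglob(PLUGIN_SLUG):
        if not plugin_dir.is_dir() or plugin_dir.parent.name != "plugins":
            continue
        version = None
        for php in sorted(plugin_dir.glob("*.php")):
            version = parse_version(php.read_text(errors="replace")[:8192])
            if version:
                break
        if version is None:
            status = "unknown"  # no header found: inspect by hand
        else:
            status = "affected" if is_affected(version) else "ok"
        logs = sorted(p.relative_to(plugin_dir).as_posix()
                      for p in plugin_dir.rglob("*")
                      if p.is_file() and LOG_NAME_RE.search(p.name))
        findings.append({"path": str(plugin_dir), "version": version,
                         "status": status, "log_files": logs})
    return findings


if __name__ == "__main__":
    for finding in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(finding)
```

Run it with the web root as the only argument; any entries under `log_files` are listed so they can be reviewed for sensitive content.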


References


  ✻  https://www.zdnet.com/article/zero-day-in-wordpress-smtp-plugin-abused-to-reset-admin-account-passwords/
  ✻  https://www.cert-in.org.in


Disclaimer


The information provided herein is on an "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.