Easy WP SMTP Plugin Flaw Helps Hackers Reset Admin Account Passwords

If you are using the popular Easy WP SMTP WordPress plugin, you should know that researchers discovered a zero-day vulnerability in it.

The plugin has more than 500,000 active installations, meaning that half a million websites are at risk. Furthermore, threat actors are exploiting the zero-day to reset admin account passwords and install rogue plugins on targeted websites.

Easy WP SMTP WordPress plugin zero-day vulnerability

The vulnerable versions of the Easy WP SMTP plugin are 1.4.2 and below. Unpatched websites could allow an unauthenticated user to reset the admin password, the researchers warned. NinTechNet researchers discovered the issue.

Where does the zero-day stem from?
The Easy WP SMTP utility is designed to help users configure and send outgoing emails via an SMTP server. The purpose of the plugin is to prevent emails from landing in the recipients’ junk or spam folder.

The plugin has an optional debug log in which it keeps all email messages the website sends. The log is a text file with a random name located inside the plugin’s installation folder. Since the folder doesn’t have an index.html file, threat actors can find and view the log on servers with directory listing enabled.

The next step of the attack is finding the admin login name, which can be done via the REST API or author archive scans. Next, hackers open the login page and request a password reset for the admin account. Then, the debug log file is accessed to copy the reset link WordPress sent. This link is used to reset the admin password.
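The attack chain described above leaves two traces in the web server's access log that can be correlated: a password-reset request, followed shortly by a successful read of a .txt file inside the plugin folder. The Python script below is an added example (not code from the article or from the plugin's authors) that flags clients doing both within a short window; the plugin folder path is assumed to be the standard plugin slug, and the log lines are constructed samples.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed plugin folder path (standard plugin slug); the debug log's file name is random.
PLUGIN_DIR = "/wp-content/plugins/easy-wp-smtp/"
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample access-log lines (common log format); IPs are from documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Dec/2020:10:01:09 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 302 0
203.0.113.7 - - [10/Dec/2020:10:01:15 +0000] "GET /wp-content/plugins/easy-wp-smtp/ HTTP/1.1" 200 2048
203.0.113.7 - - [10/Dec/2020:10:01:20 +0000] "GET /wp-content/plugins/easy-wp-smtp/a1b2c3d4_debug_log.txt HTTP/1.1" 200 9001
198.51.100.4 - - [10/Dec/2020:10:05:00 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 302 0
198.51.100.4 - - [10/Dec/2020:10:05:30 +0000] "GET /wp-login.php?action=rp&key=REDACTED HTTP/1.1" 200 3000
"""

def parse(line):
    """Return (ip, timestamp, method, path, status) or None for unparseable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    return ip, datetime.strptime(ts, TS_FMT), method, path, int(status)

def is_reset_request(method, path):
    return method == "POST" and path.startswith("/wp-login.php") and "action=lostpassword" in path

def is_log_read(method, path, status):
    # A 200 on a .txt file under the plugin folder means the debug log was served to the client.
    return method == "GET" and status == 200 and path.startswith(PLUGIN_DIR) and path.lower().endswith(".txt")

def find_suspects(log_text, window=timedelta(minutes=10)):
    """Map client IP -> [(reset_time, log_read_time)] for clients that requested a password
    reset and then read a .txt file from the plugin folder within `window`."""
    resets, hits = defaultdict(list), defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ip, when, method, path, status = rec
        if is_reset_request(method, path):
            resets[ip].append(when)
        elif is_log_read(method, path, status):
            matches = [(t, when) for t in resets[ip] if timedelta(0) <= when - t <= window]
            if matches:
                hits[ip].extend(matches)
    return dict(hits)

if __name__ == "__main__":
    for ip, pairs in find_suspects(SAMPLE_LOG).items():
        for reset_at, read_at in pairs:
            print(f"{ip}: password reset at {reset_at:%H:%M:%S}, debug log read at {read_at:%H:%M:%S}")
```

A legitimate user who resets a password never fetches a file from the plugin folder, so the second client in the sample is not flagged.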

Successful attacks against sites running the vulnerable version of Easy WP SMTP show hackers are using the zero-day to install malicious plugins.

To avoid any issues, users of the plugin should immediately update to the latest version. Another security tip is disabling the debug log because it could leak sensitive details such as passwords and messages.

Last week, Wordfence security researchers disclosed several vulnerabilities in another WordPress plugin, PageLayer. 200,000 websites were at risk.

If you want to stay informed about WordPress security, we advise you to keep an eye on HowToHosting.guide. We cover the latest news daily.

Researched and written by:
HowToHosting Editors
HowToHosting.guide provides expertise and insight into the process of creating blogs and websites, finding the right hosting provider, and everything that comes in-between.
