Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

WordPress Easy WP SMTP zero-day potentially exposes hundreds of thousands of sites to hack

Threat actors are actively exploiting a zero-day vulnerability in the popular Easy WP SMTP WordPress plugin installed on more than 500,000 sites. Hackers are actively exploiting a zero-day vulnerability in the popular Easy WP SMTP WordPress plugin to reset passwords for admin accounts. The SMTP WordPress plugin is installed on more than 500,000 sites, but […]

Easy WP SMTP WordPress plugin

Threat actors are actively exploiting a zero-day vulnerability in the popular Easy WP SMTP WordPress plugin installed on more than 500,000 sites.

Hackers are actively exploiting a zero-day vulnerability in the popular Easy WP SMTP WordPress plugin to reset passwords for admin accounts.

The SMTP WordPress plugin is installed on more than 500,000 sites, but despite the security patch has been released earlier this week many sites are yet to be patched.

The WP SMTP WordPress plugin allows you to configure and send all outgoing emails via an SMTP server, preventing the emails from going into the junk/spam folder of the recipients.

The zero-day vulnerability affects WP SMTP 1.4.2 and earlier versions, it resides in a feature that creates debug logs for all emails sent by the site and store them in the installation folder.

According to the team at Ninja Technologies Network (NinTechNet), WP SMTP 1.4.2 and older versions of the plugin contain a feature that creates debug logs for all emails  (headers and body) sent by the site, which it then stores in its installation folder.

“The Easy WP SMTP plugin has an optional debug log where it writes all email messages (headers and body) sent by the blog. It is located inside the plugin’s installation folder, “/wp-content/plugins/easy-wp-smtp/”. The log is a text file with a random name, e.g., 5fcdb91308506_debug_log.txt.” reads a blog post published by Ninja Technologies Network (NinTechNet).

“The plugin’s folder doesn’t have any index.html file, hence, on servers that have directory listing enabled, hackers can find and view the log,” reads the post published by Ninja Technologies Network (NinTechNet).

Easy WP SMTP WordPress plugin

Attackers exploit the flaw to identify the admin account in the log and attempt to reset the password for an admin account.

The password reset procedure sends an email with the password reset link to the admin account, and this email is reported in the Easy WP SMTP debug log.

Since a password reset involves sending an email with the password reset link to the admin account, this email is also recorded in the plugin debug log.

The attackers access the debug log after the password reset, scan for the reset link, and take over the site’s admin account.

Easy WP SMTP WordPress plugin 2

The development team behind the plugin has addressed the flaw with the release of Easy WP SMTP 1.4.4.

At the time of this writing, it is unclear how many WordPress sites are still running vulnerable versions of the plugin that have the logging feature enabled.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, WordPress SMTP plugin)

[adrotate banner=”5″]

[adrotate banner=”13″]