
Easy WP SMTP Security Vulnerability Can Expose Administrator Credentials

An improperly protected plugin folder could let an attacker take over the site.

Easy WP SMTP, a plugin for email management, has more than 500,000 installations and the vulnerability could lead to a takeover of the site, researchers said.

Easy WP SMTP lets site owners route all outgoing email through an SMTP server so that messages don't end up in the recipient's spam folder. Researchers at GBHackers say that version 1.4.2 and lower contain a vulnerability: the plugin's debug log is exposed because of a fundamental error in the way the plugin maintains its folders.

Monday’s posting said, “[The vulnerability] would allow an unauthenticated user to reset the administrator password, which would allow a hacker to take full control of the site.”

The optional debug log is where the plugin writes all emails (headers and body) sent from the site. It is located inside the plugin's installation folder, "/wp-content/plugins/easy-wp-smtp/", the researchers said.

The log is a simple text file, and there is no index.html file in the plugin's folder, so on a server with directory listings enabled, a hacker could find and read the log, paving the way for a username enumeration scan. This could allow the attacker to learn the administrator's login name.

“Hackers can also use author enumeration scans (/?author=1) to perform the same task,” the researchers explained. “They visit the login page and ask to reset the administrator password. They then visit the Easy WP SMTP debug log again to copy the reset link sent by WordPress. After receiving the link, they reset the administrator password.”
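A defender-side detection check for the chain described above, added here as an example and not taken from the article or from the plugin: it reads web-server access-log lines and flags clients that combine an author-enumeration request, a directory listing of the plugin folder, a password-reset request and a fetch of a text/log file from that folder. The log lines and the "debug_log.txt" file name are constructed placeholders; the article does not give the real log file name.

```python
import re

PLUGIN_DIR = "/wp-content/plugins/easy-wp-smtp/"
# Combined log format: client ip, identd, user, [timestamp], "METHOD path proto", status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample access log (not real traffic). "debug_log.txt" is a placeholder name.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Dec/2020:10:01:02 +0000] "GET /?author=1 HTTP/1.1" 301 0
203.0.113.7 - - [10/Dec/2020:10:01:03 +0000] "GET /wp-content/plugins/easy-wp-smtp/ HTTP/1.1" 200 1532
203.0.113.7 - - [10/Dec/2020:10:01:10 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 302 0
203.0.113.7 - - [10/Dec/2020:10:01:15 +0000] "GET /wp-content/plugins/easy-wp-smtp/debug_log.txt HTTP/1.1" 200 8812
198.51.100.9 - - [10/Dec/2020:10:05:00 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 302 0
192.0.2.44 - - [10/Dec/2020:10:06:00 +0000] "GET /wp-content/plugins/easy-wp-smtp/css/style.css HTTP/1.1" 200 412
"""


def classify(path, status):
    """Map a single request to one step of the reset-link theft chain, or None."""
    if re.match(r"^/\?author=\d+$", path):
        return "author_enum"            # WordPress author id -> login name
    if path == PLUGIN_DIR and status == 200:
        return "plugin_dir_listing"     # directory index served: listings on, no index.html
    if path.startswith(PLUGIN_DIR) and status == 200 and path.lower().endswith((".txt", ".log")):
        return "log_fetch"              # a text/log file read out of the plugin folder
    if path.startswith("/wp-login.php") and "action=lostpassword" in path:
        return "lost_password"          # reset mail that would be copied into the debug log
    return None


def suspicious_clients(log_text):
    """Return {ip: sorted signals} for clients that read the exposed folder/log
    and also performed at least one other step of the chain."""
    signals = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        sig = classify(m["path"], int(m["status"]))
        if sig:
            signals.setdefault(m["ip"], set()).add(sig)
    return {
        ip: sorted(sigs)
        for ip, sigs in signals.items()
        if sigs & {"plugin_dir_listing", "log_fetch"} and len(sigs) >= 2
    }


if __name__ == "__main__":
    for ip, sigs in suspicious_clients(SAMPLE_LOG).items():
        print(ip, sigs)
```

A single password-reset request or a CSS fetch from the plugin folder is normal traffic and is not flagged; only the combination with the exposed listing or log read is.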

The researchers said that logging into the admin dashboard would give the attacker full control of the site, including the ability to install malicious plugins.

Users should update to the current version 1.4.4 to resolve this issue.

Problematic plugins
WordPress plugins continue to give cybercriminals an easy way in.

In November, a security flaw was discovered in the Welcart e-commerce plugin that opened sites up to code injection. Researchers said this could lead to the installation of a payment skimmer, a site crash or information disclosure via SQL injection.

In October, two high-severity vulnerabilities were found in Post Grid, a plugin with more than 60,000 installations, which opened the door to a site takeover. In September, a high-severity vulnerability in Icegram's email subscriber and newsletter plugin was found to affect more than 100,000 WordPress sites.

Earlier in August, a plugin designed to add quizzes and surveys to sites fixed two critical vulnerabilities. These vulnerabilities could be exploited by an unauthenticated, remote attacker to launch a variety of attacks, including a complete takeover of a vulnerable website. Also in August, Newsletter, a WordPress plugin with more than 300,000 installations, was found to have a pair of vulnerabilities that could lead to code execution or even a site takeover.

And, in July, researchers warned of a serious vulnerability in a WordPress plugin called Comments – wpDiscuz, which has been installed on more than 70,000 sites. The vulnerability allows an unauthenticated attacker to upload arbitrary files (including PHP files) and eventually execute remote code on vulnerable web servers.