Easy WP SMTP Security Bug Can Reveal Admin Credentials
2020-12-15 21:30

Easy WP SMTP, a WordPress plugin for email management that has more than 500,000 installations, has a vulnerability that could open the site up to takeover, researchers said.

Easy WP SMTP allows users to configure and send all outgoing emails via an SMTP server, so that they don't end up in the recipient's junk/spam folder.

"They access the login page and ask for the reset of the admin password. Then, they access the Easy WP SMTP debug log again in order to copy the reset link sent by WordPress. Once the link is received, they reset the admin password."

Logging into the admin dashboard gives attackers run of the site, including the ability to install rogue plugins, the researchers said.

In November, a security vulnerability was found in the Welcart e-Commerce plugin that opens up websites to code injection.


News URL

https://threatpost.com/easy-wp-smtp-security-bug/162301/