Last week, a serious vulnerability that allows an attacker to reset the administrator account's password was fixed in Easy WP SMTP, a popular WordPress plugin installed on more than 500,000 sites. The plugin lets site owners configure the SMTP settings for their site's outgoing email.
According to researchers at Ninja Technologies Network, Easy WP SMTP version 1.4. creates debug logs for all emails sent by the site and stores them in the plugin's installation folder. "There is no index.html file in the plugin folder, and therefore, on servers where the directory listing is enabled, hackers can find and view this log," the experts explain.

The researchers warn that for about two weeks, sites running vulnerable versions of the plugin have been subjected to automated attacks whose purpose is to identify the administrator account and then initiate a password reset for it. Resetting the administrator password sends an email containing a special link, and that email also ends up in the Easy WP SMTP debug log. Essentially, all an attacker needs to do is access the debug log, find the password reset link there, and hijack the site administrator account.

As mentioned above, the plugin developers have already fixed the vulnerability; the patch is included in Easy WP SMTP version 1.4.4.

This is not the first critical bug in Easy WP SMTP. In 2019, a problem was discovered in the plugin that allowed third parties to enable user registration and then create new administrator accounts.
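The attack chain described above leaves a recognisable trace in the web server's access log: a successful listing or read of a file under the plugin directory, followed shortly afterwards by the same client opening a password-reset link (`wp-login.php?action=rp&key=...`). The following detection script is an added example written for this article; it is not code from the plugin, from the researchers, or from the original page. It assumes the standard WordPress plugin path `/wp-content/plugins/easy-wp-smtp/` (the page does not name the directory) and treats any `.log` or `.txt` file under it as a debug log; the sample log lines, the IP addresses, the log file name and the reset keys are all constructed placeholders.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed plugin directory (standard WordPress layout; not stated on the page).
PLUGIN_DIR = "/wp-content/plugins/easy-wp-smtp/"

# Apache/nginx "combined" access log format: ip ident user [ts] "method path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict with ip, ts (datetime), path and status, or None if unparseable."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def classify(path):
    """Label the requests that matter for this attack chain; None for everything else."""
    if path in (PLUGIN_DIR, PLUGIN_DIR.rstrip("/")):
        return "listing"          # directory listing of the plugin folder
    if path.startswith(PLUGIN_DIR) and re.search(r"\.(log|txt)(\?|$)", path):
        return "logread"          # a log file inside the plugin folder was fetched
    if path.startswith("/wp-login.php") and "action=rp" in path and "key=" in path:
        return "reset"            # a password-reset link was opened
    return None


def find_suspicious(lines, window=timedelta(hours=1)):
    """Return (ip, reason) alerts for clients that read the exposed log and/or used a reset link.

    Only responses below 400 count: a 403/404 on the plugin folder means the
    listing is blocked, which is the healthy state.
    """
    events = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["status"] >= 400:
            continue
        kind = classify(rec["path"])
        if kind:
            events[rec["ip"]].append((rec["ts"], kind))

    alerts = []
    for ip, evs in events.items():
        evs.sort()
        reads = [t for t, k in evs if k in ("listing", "logread")]
        resets = [t for t, k in evs if k == "reset"]
        chained = any(
            timedelta(0) <= (r - t) <= window for r in resets for t in reads
        )
        if chained:
            alerts.append((ip, "log exposure followed by password reset"))
        elif reads:
            alerts.append((ip, "plugin log exposure (directory listing or log read succeeded)"))
    return alerts


# Constructed sample log lines (placeholder IPs, file name and reset keys).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2021:10:01:02 +0000] "GET /wp-content/plugins/easy-wp-smtp/ HTTP/1.1" 200 1843 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2021:10:01:05 +0000] "GET /wp-content/plugins/easy-wp-smtp/debug-log-PLACEHOLDER.txt HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2021:10:02:30 +0000] "GET /wp-login.php?action=rp&key=CONSTRUCTEDKEY1&login=admin HTTP/1.1" 200 3301 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Mar/2021:10:05:00 +0000] "GET /wp-content/plugins/easy-wp-smtp/ HTTP/1.1" 403 199 "-" "curl/7.64"',
    '192.0.2.9 - - [10/Mar/2021:11:00:00 +0000] "GET /wp-login.php?action=rp&key=CONSTRUCTEDKEY2&login=editor HTTP/1.1" 200 3301 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, reason in find_suspicious(SAMPLE_LOG):
        print(f"{ip}: {reason}")
```

On the constructed sample the script reports only 203.0.113.7, which listed the plugin folder, fetched a log file and then opened a reset link within two minutes. The 403 on the second client's listing attempt is ignored because a blocked listing is exactly what a hardened server should return, and the third client's lone reset request is a normal password reset with no preceding log access. Beyond detection, the fix the page points to is the same one the quote implies: update to 1.4.4 and make sure the web server does not serve directory listings for the plugin folder.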