Vulnerability Discovered in v1.3.9 of Easy WP SMTP Plugin
On March 15, NinTechNet reported a zero-day vulnerability in version 1.3.9 of the Easy WP SMTP plugin. The vulnerability lets hackers gain admin access to affected WordPress websites. Luckily, the plugin’s developers reacted instantaneously. On March 17, they released a new version of the plugin, with the vulnerability successfully patched.
If you are among the 300,000+ users of Easy WP SMTP, you should make sure to update your plugin to this latest version (v1.3.9.1) as soon as possible.
Details
The vulnerability is located in the new import/export functionality added in v1.3.9 of Easy WP SMTP. It lets attackers exploit the lack of a capability check in the plugin’s admin_init
hook to alter any values in the wp_options
table. Additionally, since the admin_init
hook also executes in admin-ajax.php
, the vulnerability can even be exploited by unauthenticated users. Therefore, anyone with the sufficient know-how can easily modify the wp_user_roles
field to set all user roles to “administrator”. Clearly, this is a huge issue. You can read an in-depth breakdown of how hackers are exploiting the vulnerability on the Wordfence blog or in this post by NinTechNet.
Recommended Actions
As I already mentioned, if you have Easy WP SMTP installed on your WordPress website, you should immediately update the plugin to version 1.3.9.1. But if you suspect your website is already affected by this vulnerability, you can also take the following precautions:
- Install a security plugin and execute a file scan.
- Change all your passwords.
- Navigate to the “Users” page of your WordPress admin panel to check for any new or unusual accounts (and remove them).
- Also check for suspicious changes in your WordPress general settings (Settings >> General).
We hope this article was helpful. If you liked it, feel free to check out some of these articles as well!