Two vulnerabilities impacting the POST SMTP Mailer WordPress plugin, an email delivery tool used by 300,000 websites, could help attackers take complete control of a site authentication.
Last month, Wordfence security researchers Ulysses Saicha and Sean Murphy discovered two vulnerabilities in the plugin and reported them to the vendor.
The first, tracked as CVE-2023-6875, is a critical authorization bypass flaw arising from a “type juggling” issue on the connect-app REST endpoint. The issue impacts all versions of the plugin up to 2.8.7
[...]
Over 150k WordPress sites at takeover risk via vulnerable plugin
Robert B. Carleton + ISC2 Central Mississippi President
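
Added example, not part of the post above or the article it quotes, and not the plugin's code: a hypothetical PHP token check showing how a loose `==` comparison lets "type juggling" turn into an authorization bypass, next to a hardened form. The function names and sample values are constructed for illustration and assume the supplied value arrives from a JSON body, so it can be a string, integer, boolean or null.

```php
<?php
declare(strict_types=1);

// Hypothetical token check, NOT the plugin's code.
// $stored   : value the site has saved (null when no token was ever issued).
// $supplied : value from the request after JSON decoding; its type is
//             chosen by the caller, not by the server.

function check_loose($stored, $supplied): bool
{
    // Weak: == converts the operands to a common type before comparing,
    // so values of different types can compare as equal.
    return $stored == $supplied;
}

function check_strict($stored, $supplied): bool
{
    // Hardened: reject anything that is not a non-empty string on the
    // stored side or a string on the supplied side, then compare the
    // bytes in constant time.
    if (!is_string($stored) || $stored === '' || !is_string($supplied)) {
        return false;
    }
    return hash_equals($stored, $supplied);
}

// Constructed sample cases: [label, stored value, supplied value].
$cases = [
    ['matching strings',        'a1b2c3', 'a1b2c3'],
    ['wrong string',            'a1b2c3', 'zzzzzz'],
    ['boolean supplied',        'a1b2c3', true],
    ['no token stored, empty',  null,     ''],
    ['no token stored, zero',   null,     0],
    ['numeric-looking strings', '0e1234', '0e9999'],
];

// Print both verdicts side by side so the disagreements stand out.
foreach ($cases as [$label, $stored, $supplied]) {
    printf(
        "%-26s loose=%-5s strict=%s\n",
        $label,
        var_export(check_loose($stored, $supplied), true),
        var_export(check_strict($stored, $supplied), true)
    );
}
```

When reviewing plugin code for this bug class, look for `==` or `!=` applied to tokens, nonces or keys read from a request, and for comparisons against options that may be unset.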