Over 150k WordPress sites at takeover risk via vulnerable plugin
Posted: Fri Jan 12, 2024 12:55 pm
Two vulnerabilities impacting the POST SMTP Mailer WordPress plugin, an email delivery tool used by 300,000 websites, could help attackers take complete control of a site's authentication.
Last month, Wordfence security researchers Ulysses Saicha and Sean Murphy discovered two vulnerabilities in the plugin and reported them to the vendor.
The first, tracked as CVE-2023-6875, is a critical authorization bypass flaw arising from a “type juggling” issue on the connect-app REST endpoint. The issue impacts all versions of the plugin up to 2.8.7.
[...]