|Number of vulnerabilities||1|
|CWE ID||CWE-284|
|Public exploit||This vulnerability is being exploited in the wild.|
Easy WP SMTP
Web applications / Modules and components for CMS
This security advisory describes one critical risk vulnerability.
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote attacker can access the debug log after a password reset, obtain the reset link from it and take over the admin account.
Note: The vulnerability is being actively exploited in the wild.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Easy WP SMTP: 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.0.9, 1.1.0, 1.1.9, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.7, 1.2.9, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.5, 1.3.6, 1.3.9, 126.96.36.199, 188.8.131.52, 184.108.40.206, 1.4.0, 1.4.1, 1.4.2
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
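To check a site for the sequence in the description (password reset, debug log read, reset link opened), the following added example, which is not part of the original advisory or the plugin's code, correlates web server access-log entries per client. The log lines are constructed, and the debug log path pattern and the 10-minute window are assumptions to adjust to the actual installation.

```python
import re
from datetime import datetime, timedelta

# Constructed access-log lines; addresses are documentation ranges, the log path is a placeholder.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 302 0
198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /wp-content/plugins/example-smtp/debug_log.txt HTTP/1.1" 200 2048
198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /wp-login.php?action=rp&key=REDACTED&login=admin HTTP/1.1" 200 3100
203.0.113.9 - - [01/Jan/2024:11:30:00 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 302 0
203.0.113.9 - - [01/Jan/2024:11:31:00 +0000] "GET /wp-login.php?action=rp&key=REDACTED&login=bob HTTP/1.1" 200 3100
"""

LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
# Assumption: the debug log is a .txt/.log file with "log" in its name under a plugin directory.
LOG_PATH = re.compile(r"^/wp-content/plugins/[^/]+/.*log[^/]*\.(txt|log)$", re.I)

def find_reset_log_sequences(log_text, window=timedelta(minutes=10)):
    """Return (ip, stage, path) findings for reset -> log read -> reset link, per client."""
    last_reset, last_read, findings = {}, {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, method, url, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        path, _, query = url.partition("?")
        if method == "POST" and path == "/wp-login.php" and "action=lostpassword" in query:
            last_reset[ip] = when
        elif method == "GET" and status == "200" and LOG_PATH.match(path):
            # A successful log fetch shortly after a reset request is the suspicious step.
            if ip in last_reset and when - last_reset[ip] <= window:
                last_read[ip] = when
                findings.append((ip, "log_read_after_reset", path))
        elif path == "/wp-login.php" and "action=rp" in query:
            if ip in last_read and when - last_read[ip] <= window:
                findings.append((ip, "reset_link_opened", path))
    return findings

if __name__ == "__main__":
    for finding in find_reset_log_sequences(SAMPLE_LOG):
        print(finding)
```

The correlation is keyed on client address, so a sequence spread across several addresses will not be linked; any successful response for the debug log path is worth reviewing on its own.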