|Number of vulnerabilities||1|
|Public exploit||This vulnerability is being exploited in the wild.|
Easy WP SMTP
Web applications / Modules and components for CMS
This security bulletin contains one critical risk vulnerability.
Exploit availability: NoDescription
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote attacker can access the debug log after the password reset, grab the reset link and take over the admin account.
Note: The vulnerability is being actively exploited in the wild.Mitigation
Install updates from vendor's website.Vulnerable software versions
Easy WP SMTP: 1.0.1 - 1.4.2
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?