Improper access control in Easy WP SMTP

#VU48952 Improper access control in Easy WP SMTP

Published: 2020-12-14

Vulnerability identifier: #VU48952

Vulnerability risk: Critical

CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-284

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Easy WP SMTP
Web applications / Modules and components for CMS

Vendor: wpecommerce, alexanderfoxc

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can access the debug log after the password reset, grab the reset link and take over the admin account.

Note: The vulnerability is being actively exploited in the wild.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Easy WP SMTP: 1.0.1 - 1.4.2

External links
http://www.zdnet.com/article/zero-day-in-wordpress-smtp-plugin-abused-to-reset-admin-account-passwords/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

Latest bulletins with this vulnerability

Improper access control in Easy WP SMTP plugin for WordPress