WordPress Plugin Security Vulnerability: Easy WP SMTP

Orlando WordPress Developer

This past weekend, a major vulnerability was discovered on WordPress’ Easy SMTP plugin. This plugin, which allows users to configure SMTP connections for outgoing email has been installed on at least 300,000 WordPress websites. Hackers could exploit this vulnerability by setting administrative control for themselves. Make sure to continue reading to learn the basics of this attack and how to protect yourself.

The Attack

The vulnerability is only present in version 1.3.9 of the plugin. The root of the vulnerability is in the Import/Export functionality which was added to Easy WP SMTP in version 1.3.9. The new code resides in the plugin’s admin_init hook, which executes in wp-admin/scripts like admin-ajax.php and admin-post.php.

In short, the flaws in the code mentioned above do not include capabilities for special permissions, which means that unauthenticated users can access the website through it. If you would like to learn more about the specifics of the vulnerability, check WordFence’s article.

How to Keep your WordPress Website Safe

The best way to keep your website safe is to update the Easy WP SMTP plugin. On the other hand, if you think your website has been compromised already, there are a few ways to double check:

Logged traffic from the following IPs:
185.212.131.45
185.212.128.22
185.212.131.46
86.109.170.200
Database siteurl and home values not matching their intended values, especially including the following domains:
setforconfigplease[.]com
Getmyfreetraffic[.]com
Administrator accounts present for unknown users. For example:
devidpentesting99
larryking99

Easy SMTP Version 1.3.9.1

The latest version of the plugin Easy SMTP, released 4 days ago, claims to fix the following:

Fixed potential vulnerability in import\export settings.

If you are struggling to determine if your site has been compromised, to update your plugins, or if you would like to ensure your WordPress website is completely protected against hackers, contact us and we will take care of all of your WordPress maintenance needs.

Orlando WordPress Website Maintenance

If you would like Orlando WordPress Experts to hacker-proof your WordPress website, please reach out! We are expert WordPress developers & designers located in Orlando, Florida.

Author

M5 Design Studio

We are a small, but creative and passionate team of designers and developers specializing in web design, graphic design, branding & digital marketing.

5.0

Based on 35 reviews

review us on

Evelyn T

19:25 24 Aug 20

M5 Design Studio kindly offered our business free support in updating our online presence during the COVID-19 crisis. Some of their services included support in creating a Google listing to help people find our services in Google. It also included a banner to the top of our website to let customers know our current hours and important changes to our business during these times.We are forever grateful to M5 Design Studio for being generous, professional and helpful to us. Its an honor to have their support in the Orlando community. Thank you for helping Holistic Starlight be of service to the community, as well. It was wonderful working with Dominique and the team! FIVE STARS TO M5!

Romy Cuevas

11:21 01 Sep 18

I have had the best experience working with M5 Design Studio! They created a beautiful website for us which has brought so much more traffic to our business, we are so grateful! And they always help us come up with fresh new marketing strategies that work. They are dependent, reliable and over all a pleasure to work with. Definitely one of the best Orlando web design companies out there! Thank you!!!

Kristin Meyer

15:58 24 Aug 18

We have been so pleased with the work that M5 Design Studio has done for our business, Mindful Meals. They built us a beautiful website that is easy to navigate and visually appealing.Their client communication, even after the job has been completed, is top-notch and is one of the reasons we keep working with them for our additional website needs.If you are looking for a professional and reliable Orlando web design company that can get the job done right, we highly recommend M5 Design Studio.

Ralph L

22:15 23 Aug 18

M5 Design Studio is a hidden gem within the vast world of website design and technology companies. Although M5 is an Orlando website design company you don’t need to be a local business to benefit from their friendly, professional and attentive services. Martha and James at M5 Design Studio took our ambitious website concept from the idea stage to reality. The website is visually engaging, professional and mobile friendly, we can’t be happier with the outcome. It rivals websites that cost several thousands of dollars but it was very affordable and easy to update and maintain. We frequently receive compliments from people who call our office and think that we’re a national company because they checked-out our website. M5 Design Studio is more than just an Orlando website design company though. M5 designed our client presentation portfolio, company brochure, rack card, business cards, professional client handouts, referral card and there’s more marketing collateral in the works. We’ve learned to trust Martha, James and the M5 team with our business and that’s why we won’t partner with anyone else. If you’re looking for an affordable, knowledgeable, competent website design company, you would be doing yourself a disservice if you don’t take a minute to give Martha a call. Heart, Body & Mind Home Care.

Clinically Speaking

18:11 21 Aug 18

We have only good things to say about M5 Designs and would highly recommend them to anyone. M5 Designs is an Orlando web design company that has helped us create, maintain and update our website for 10 years. Maybe more!? From simple requests to complicated customizations, everything has always turned out great! Communicating with Martha and her team is easy and everything gets done quickly. We would never use anyone else and we do not hesitate to recommend them to anyone who asks. :)

WordPress Plugin Security Vulnerability: Easy WP SMTP

Orlando WordPress Developer

The Attack

How to Keep your WordPress Website Safe

Easy SMTP Version 1.3.9.1

Orlando WordPress Website Maintenance

Author

M5 Design Studio

List Your WooCommerce Products on Google Shopping

AI WooCommerce Plugins: Supercharge Your Online Store

Hcaptcha: WordPress Plugin Alternative to Google’s Recaptcha

CALL US

407-968-6296

Let’s Connect!

WordPress Plugin Security Vulnerability: Easy WP SMTP

Orlando WordPress Developer

The Attack

How to Keep your WordPress Website Safe

Easy SMTP Version 1.3.9.1

Orlando WordPress Website Maintenance

Author

M5 Design Studio

Related Posts

List Your WooCommerce Products on Google Shopping

AI WooCommerce Plugins: Supercharge Your Online Store

Hcaptcha: WordPress Plugin Alternative to Google’s Recaptcha