WordPress Plugin Security Vulnerability: Easy WP SMTP

Orlando-WordPress-Developer and Maintenance

Orlando WordPress Developer

This past weekend, a major vulnerability was discovered on WordPress’ Easy SMTP plugin. This plugin, which allows users to configure SMTP connections for outgoing email has been installed on at least 300,000 WordPress websites. Hackers could exploit this vulnerability by setting administrative control for themselves. Make sure to continue reading to learn the basics of this attack and how to protect yourself.

The Attack

The vulnerability is only present in version 1.3.9 of the plugin. The root of the vulnerability is in the Import/Export functionality which was added to Easy WP SMTP in version 1.3.9. The new code resides in the plugin’s admin_init hook, which executes in wp-admin/scripts like admin-ajax.php and admin-post.php.

In short, the flaws in the code mentioned above do not include capabilities for special permissions, which means that unauthenticated users can access the website through it. If you would like to learn more about the specifics of the vulnerability, check WordFence’s article.

How to Keep your WordPress Website Safe

The best way to keep your website safe is to update the Easy WP SMTP plugin. On the other hand, if you think your website has been compromised already, there are a few ways to double check:

  • Logged traffic from the following IPs:
  • Database siteurl and home values not matching their intended values, especially including the following domains:
  • Administrator accounts present for unknown users. For example:

Easy SMTP Version

The latest version of the plugin Easy SMTP,  released 4 days ago, claims to fix the following:

  • Fixed potential vulnerability in import\export settings.

If you are struggling to determine if your site has been compromised, to update your plugins, or if you would like to ensure your WordPress website is completely protected against hackers, contact us and we will take care of all of your WordPress maintenance needs.

Orlando WordPress Website Maintenance

If you would like Orlando WordPress Experts to hacker-proof your WordPress website, please reach out! We are expert WordPress developers & designers located in Orlando, Florida.


Category: Orlando Wordpress Tags: , , , , , No Comments
New Woocommerce Released Orlando

WooCommerce 8.3.0 Released

ORLANDO WORDPRESS DEVELOPER Whats new? Cart, Checkout, and Order Confirmation Blocks Are Default on New Ins
Wordpress 5.8 release maintenance

Latest Features in WordPress 5.8

WordPress Developer WordPress Version 5.8 was released on July 20th, 2021 with several features anticipated by web devel
wordpress webp images

New Support in WordPress for WebP Images

WordPress Developer WebP images are a type of image file designed for smaller file sizes and faster loading times than J

Comments are closed.