Quantcast
Channel: Tenable Blog
Viewing all articles
Browse latest Browse all 1935

Easy WP SMTP WordPress Plugin Exploited In The Wild

$
0
0

Popular WordPress plugin vulnerable to unauthenticated attacks continues to be targeted despite the availability of a patch.

Background

On March 17, researchers at Ninja Technologies Network (NinTechNet) published a blog about their discovery of a critical zero-day vulnerability in the Easy WP SMTP plugin that attackers began exploiting in the wild on March 15. According to WordPress, the Easy WP SMTP plugin has over 300,000 active installations. The Easy WP SMTP plugin authors released a patched version of the plugin on March 17. However, researchers at Defiant continue to observe attacks in the wild targeting this plugin.

Analysis

The vulnerability exists in version 1.3.9 of the Easy WP SMTP plugin. It was reportedly introduced when the authors added Import/Export functionality to the admin_init function. According to NinTechNet, this function is used to “view/delete the log, import/export the plugin configuration and to update options in the WordPress database.” The issue appears to be that any logged-in user is capable of executing these commands, as the code does not validate their privileges. What makes this more severe is the plugin’s use of AJAX, which is available in the admin_init function and allows unauthenticated users to execute these commands without logging into a vulnerable site.

Proof of concept

NinTechNet provided a proof of concept in its blog post that uploads a file to a vulnerable WordPress site, modifying its settings to allow any user to register on the site and grant administrator permissions to all users. They also mention that this vulnerability could be leveraged to achieve remote code execution.

Solution

The Easy WP SMTP plugin was updated to version 1.3.9.1 on March 17 to address this vulnerability. It is important for site administrators to ensure this plugin is up to date.

Site administrators must regularly review what plugins are running on their sites and whether they are up-to-date. Plugin updates may contain fixes for security issues and failure to update can leave sites vulnerable to compromise.

Identifying affected systems

A list of Nessus plugins to identify this vulnerability will appear here as they’re released.

Get more information

Join Tenable's Security Response Team on the Tenable Community.

Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface.

Get a free 60-day trial of Tenable.io Vulnerability Management.


Viewing all articles
Browse latest Browse all 1935

Trending Articles