Go Back   Carder.life > [en] International Forum > Carding News
Reload this Page WordPress Easy WP SMTP zero-day potentially exposes hundreds of thousands of sites to hack

CARDER.MARKET - CARDING FORUM FOR PROFESSIONAL CARDERS


Reply
 
Thread Tools Display Modes
  #1  
Old 05-05-2025, 03:54 AM
Artifact's Avatar

Artifact Artifact is offline
Administrator
Join Date: Jan 2024
Posts: 0
Default

Hackers are actively exploiting a zero-day vulnerability in the popular Easy WP SMTP WordPress plugin to reset passwords for admin accounts.
The SMTP WordPress plugin is installed on more than 500,000 sites, but despite the security patch has been released earlier this week many sites are yet to be patched.
The WP SMTP WordPress plugin allows you to configure and send all outgoing emails via an SMTP server, preventing the emails from going into the junk/spam folder of the recipients.
The zero-day vulnerability affects WP SMTP 1.4.2 and earlier versions, it resides in a feature that creates debug logs for all emails sent by the site and store them in the installation folder.
According to the team at Ninja Technologies Network (NinTechNet), WP SMTP 1.4.2 and older versions of the plugin contain a feature that creates debug logs for all emails (headers and body) sent by the site, which it then stores in its installation folder.
“The Easy WP SMTP plugin has an optional debug log where it writes all email messages (headers and body) sent by the blog. It is located inside the plugin’s installation folder, “/wp-content/plugins/easy-wp-smtp/”. The log is a text file with a random name, e.g., 5fcdb91308506_debug_log.txt.” reads a blog post published by Ninja Technologies Network (NinTechNet).
“The plugin’s folder doesn’t have any index.html file, hence, on servers that have directory listing enabled, hackers can find and view the log,” reads the post published by Ninja Technologies Network (NinTechNet).

Attackers exploit the flaw to identify the admin account in the log and attempt to reset the password for an admin account.
The password reset procedure sends an email with the password reset link to the admin account, and this email is reported in the Easy WP SMTP debug log.
Since a password reset involves sending an email with the password reset link to the admin account, this email is also recorded in the plugin debug log.
The attackers access the debug log after the password reset, scan for the reset link, and take over the site’s admin account.

The development team behind the plugin has addressed the flaw with the release of Easy WP SMTP 1.4.4.
At the time of this writing, it is unclear how many WordPress sites are still running vulnerable versions of the plugin that have the logging feature enabled.
Reply

Tags
NULL

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Forum Jump




All times are GMT. The time now is 08:06 PM.

Contact Us - Carder.life - Archive - Top