CVE-2019-25141
Easy WP SMTP <= 1.3.9 - Missing Authorization to Arbitrary Options Update
In short
The Easy WP SMTP plugin for WordPress allows unauthenticated attackers to change plugin settings and site options without logging in, which can be exploited to create fake admin accounts. This is a critical flaw because anyone on the internet can take control of the website.
Technical detail
The plugin's admin_init() function lacks capability checks and input validation, allowing unauthenticated POST requests to modify arbitrary WordPress options. An attacker can inject new administrative user accounts or alter site configuration without authentication, leading to complete site compromise.
Summary generated and translated by AI from the official description.
The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9. This is due to missing capability checks on the admin_init() function, in addition to insufficient input validation. This makes it possible for unauthenticated attackers to modify the plugins settings and arbitrary options on the site that can be used to inject new administrative user accounts.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
smub · Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and moreWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://blog.nintechnet.com/critical-0day-vulnerability-fixed-in-wordpress-easy-wp-smtp-plugin/https://plugins.trac.wordpress.org/changeset?old_path=%2Feasy-wp-smtp&old=2052057&new_path=%2Feasy-wp-smtp&new=2052058&sfp_email=&sfph_mail=https://wordpress.org/support/topic/vulnerability-26/https://www.wordfence.com/threat-intel/vulnerabilities/id/84b75f7d-7258-46f6-aee6-b96d70bee264?source=cve