A popular WordPress plugin, POST SMTP Mailer, has been found to contain vulnerabilities that could allow hackers to take control of websites on which it is installed. Security researchers at Wordfence found two critical flaws in the plugin. The first allows attackers to reset the plugin’s authentication API key and access sensitive logs, which could lead to unauthorized access, publication of unauthorized content, and planting of backdoors. The second allows hackers to inject malicious scripts into webpages. The plugin’s developers worked diligently to fix the flaws and released an update that addresses the security issues. However, statistics show that only 53% of installations have updated to the latest version, leaving approximately 150,000 sites vulnerable. WordPress website owners using the POST SMTP Mailer plugin should ensure they have updated to the latest patched version.
Key points:
– The POST SMTP Mailer WordPress plugin has been found to have vulnerabilities that could allow hackers to take control of websites.
– The first flaw enables attackers to reset the plugin’s authentication API key and access sensitive logs.
– The second flaw allows hackers to inject malicious scripts into webpages.
– The plugin developers have released an update to fix the vulnerabilities.
– Approximately 150,000 sites are still vulnerable as only 53% of installations have updated to the latest version.