Tuesday, April 23, 2019

Zero-Day WordPress plugin exploited in the wild

A zero-day vulnerability in the Easy WP SMTP plugin for WordPress is being actively exploited in the wild, according to NinTechNet.

The plug-in allows site owners to configure WordPress to send outgoing email through an SMTP server, which helps keep messages from landing in the recipient's junk folder. By exploiting a critical vulnerability in it, attackers reportedly gained administrator privileges and could modify content on affected WordPress sites.

In his proof-of-concept (PoC), NinTechNet researcher Jerome Bruandet said he had used "swpsmtp_import_settings" to upload a file containing a malicious serialized payload that allowed users to register (users_can_register) and set the user's default role (default_role) to 'Administrator' in the database.
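The attack described above works because a settings-import routine writes attacker-supplied, serialized data into the options table without checking who is calling it or which keys it is allowed to change. The block below is an added, illustrative hardening pattern written for this article; it is not the Easy WP SMTP plugin's own code, and every name prefixed `example_` (the action hook, option name and functions) is an assumption. It shows the three controls a defender would want in such a handler: a capability check, a nonce check, and an allowlist of plugin-owned keys parsed from JSON rather than passed to `unserialize()`, so core options such as `users_can_register` and `default_role` can never be reached through an import. The final function is a post-incident audit for the two indicators named in the PoC.

```php
<?php
/*
 * Illustrative hardening for a WordPress settings-import handler.
 * Added example code, not the Easy WP SMTP plugin's own code.
 * Names prefixed "example_" are assumptions made for this example.
 */

// Only the plugin's own settings may be imported. Core options such as
// users_can_register or default_role are never written by an import.
const EXAMPLE_ALLOWED_KEYS = [
    'smtp_host'       => 'text',
    'smtp_port'       => 'int',
    'smtp_encryption' => 'enum',
];
const EXAMPLE_ENCRYPTION_VALUES = ['none', 'ssl', 'tls'];

/**
 * Validate a decoded import array against the allowlist.
 * Returns sanitized settings, or a WP_Error on any unknown key or
 * malformed value. Unknown keys are rejected rather than ignored so
 * that a tampered file fails loudly instead of silently.
 */
function example_validate_import(array $data) {
    $clean = [];
    foreach ($data as $key => $value) {
        if (!array_key_exists($key, EXAMPLE_ALLOWED_KEYS)) {
            return new WP_Error('bad_key', "Unknown setting: $key");
        }
        switch (EXAMPLE_ALLOWED_KEYS[$key]) {
            case 'int':
                $port = absint($value);
                if ($port < 1 || $port > 65535) {
                    return new WP_Error('bad_port', 'Invalid SMTP port');
                }
                $clean[$key] = $port;
                break;
            case 'enum':
                if (!in_array($value, EXAMPLE_ENCRYPTION_VALUES, true)) {
                    return new WP_Error('bad_enum', 'Invalid encryption mode');
                }
                $clean[$key] = $value;
                break;
            default:
                $clean[$key] = sanitize_text_field((string) $value);
        }
    }
    return $clean;
}

/**
 * Handler for the import form, hooked to admin_post_example_import
 * (an assumed action name). Three checks precede any write: the caller
 * must hold manage_options, the request must carry the form's nonce,
 * and the file is parsed as JSON rather than unserialize()d, so no PHP
 * object is ever instantiated from attacker-controlled bytes.
 */
function example_handle_import() {
    if (!current_user_can('manage_options')) {
        wp_die('Insufficient permissions', '', ['response' => 403]);
    }
    // check_admin_referer() itself calls wp_die() when the nonce is invalid.
    check_admin_referer('example_import_settings');

    if (empty($_FILES['settings_file']['tmp_name'])) {
        wp_die('No file uploaded', '', ['response' => 400]);
    }
    $raw  = file_get_contents($_FILES['settings_file']['tmp_name']);
    $data = json_decode($raw, true);
    if (!is_array($data)) {
        wp_die('Import file is not valid JSON', '', ['response' => 400]);
    }

    $clean = example_validate_import($data);
    if (is_wp_error($clean)) {
        wp_die(esc_html($clean->get_error_message()), '', ['response' => 400]);
    }
    // A single plugin-owned option is written; core keys are never touched.
    update_option('example_smtp_settings', $clean);
    wp_safe_redirect(admin_url('options-general.php?page=example-smtp&imported=1'));
    exit;
}
add_action('admin_post_example_import', 'example_handle_import');

/**
 * Post-incident audit for the two indicators from the PoC: open
 * registration combined with an administrator default role. Returns a
 * list of findings (empty when clean) so it can run from cron or WP-CLI.
 */
function example_audit_registration_settings() {
    $findings = [];
    if ((int) get_option('users_can_register') === 1) {
        $findings[] = 'users_can_register is enabled';
    }
    if (get_option('default_role') === 'administrator') {
        $findings[] = 'default_role is administrator';
    }
    return $findings;
}
```

The audit function is deliberately narrow: a site that legitimately allows registration will trigger the first finding, so the combination of both findings is the signal worth alerting on, and any newly created administrator accounts should be reviewed alongside it.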

With the largest market share among all content management systems (CMS), WordPress is used by one-third of all websites, according to Web Technology Surveys (w3techs).

"Due to the sheer dominance of the CMS space and the presence of many WordPress plugins, WordPress sites are a ripe target for cybercriminals. In this case, the Easy WP SMTP plug-in has over 300,000 active installations, and despite the availability of a patch, there are reports that attackers continue to target sites running the vulnerable plug-in," said Satnam Narang, senior research engineer at Tenable.

"The vulnerability exists in version 1.3.9 of the plugin, so users running older versions of the plugin are not vulnerable. However, all users, especially those using 1.3.9, should update to the latest version of the plugin, 1.3.9.1, as soon as possible."

This latest exploit also highlights the importance of vetting plug-ins to ensure they are up to date and perform only authorized tasks, said Brandon Chen, digital security and operations manager at The Media Trust.

"Removing them when they are no longer needed [is] part of protecting users from identity and financial theft. Each plugin represents at least some attack surface, because the code that the plugin works with comes from at least one vendor that is likely to inject paged code. Any plugin you introduce into your digital environment introduces third parties that you may not know – and most of them you may not know."
