A critical vulnerability in the Easy WP SMTP plugin for WordPress is being actively exploited in the wild, according to NinTechNet.
The plug-in allows site owners to use WordPress to configure and send outgoing emails through an SMTP server. This prevents messages from landing in the recipient's junk folder. By exploiting a critical vulnerability, hackers reportedly gained administrator privileges and could modify content on WordPress sites.
In the proof-of-concept (PoC), NinTechNet researcher Jerome Bruandet said he had used "swpsmtp_import_settings" to upload a file containing a malicious serialized payload that enabled user registration (users_can_register) and set the default user role (default_role) to 'Administrator' in the database.
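A defender-side check for the two settings named above, as an added example that is not from NinTechNet or the plugin's authors. It assumes WP-CLI is installed for the live audit; the function names and exit codes are this example's own.

```shell
#!/bin/sh
# Added example (not from the original article): check a WordPress site for
# the option changes described above. Requires WP-CLI for the live audit.

# classify_registration <users_can_register> <default_role>
# Exit status: 0 = expected, 1 = needs review, 2 = matches the reported tampering.
classify_registration() {
    can_register="$1"
    # Role slugs are lowercase in WordPress; normalise before comparing.
    role=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')

    if [ "$can_register" = "1" ] && [ "$role" = "administrator" ]; then
        echo "ALERT: anyone can register and new accounts become administrators"
        return 2
    fi
    if [ "$role" != "subscriber" ]; then
        echo "REVIEW: default_role is '$role' (a fresh install uses 'subscriber')"
        return 1
    fi
    echo "OK: users_can_register=$can_register default_role=$role"
    return 0
}

# audit_site <wordpress-path>: read the live values and list admin accounts.
audit_site() {
    reg=$(wp --path="$1" option get users_can_register) || return 3
    def=$(wp --path="$1" option get default_role) || return 3
    verdict=0
    classify_registration "$reg" "$def" || verdict=$?
    # Unexpected or recently registered administrators deserve a closer look.
    wp --path="$1" user list --role=administrator \
        --fields=ID,user_login,user_email,user_registered
    return "$verdict"
}

# Run the live audit only when a WordPress path is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_site "$1"
fi
```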
With the largest market share among all content management systems (CMS), WordPress is used by one third of all websites, according to Web Technology Surveys (w3techs).
"Due to the mere dominance of the CMS space and the presence of many WordPress plugins, WordPress sites are a ripe target for cybercriminals. In this case, the Easy WP SMTP plug-in has over 300,000 active installations, and despite the availability of a patch, there are reports that attackers continue to target sites running the vulnerable plug-in," said Satnam Narang, senior research engineer at Tenable.
"The vulnerability exists in version 1.3.9 of the plugin, so users running older versions of the plugin are not vulnerable. However, all users, especially those using 1.3.9, should update to the latest version of the plugin, 22.214.171.124, as soon as possible."
This latest exploit also highlights the importance of verifying plug-ins to ensure they are up-to-date and performing only authorized tasks, said Brandon Chen, Digital Security Manager and Operations Manager of The Media Trust.
"Remove when they are no longer needed [is] part of protecting users from identity and financial theft. Each plugin represents at least some attack surfaces because the code that the plugin works with comes from at least one vendor that is likely to inject paged code. Any plugin you introduce into your digital environment introduces third parties that you may not know – and most of you may not know it."