Monday, July 15, 2019
Home Entertainment Zero-Day WordPress plugin exploited in the wild

Zero-Day WordPress plugin exploited in the wild

A Ninja tag for WordPress in the Easy WP SMTP plugin is actively used in the wild, according to NinTechNet.

The plug-in allows site owners to use WordPress to configure and send outgoing emails through an SMTP server. This prevents messages from landing in the recipient's junk folder. By exploiting a critical vulnerability, hackers reportedly gained administrator privileges and could modify content on WordPress sites.

In the Proof-of-Concept (PoC), NinTechNet researcher Jerome Bruandet said he had used "swpsmtp_import_settings" to upload a file containing a malicious serialized payload that allowed the user to register (users_can_register) and the user's default role (default_role) is set to & # 39; Administrator & # 39; in the database. "

With the largest market share among all content management systems (CMS), WordPress is used by one third of all websites, according to Web Technology Surveys (w3techs).

"Due to the mere dominance of the CMS space and the presence of many WordPress plugins, WordPress sites are a ripe target for cybercriminals. In this case, the Easy WP SMTP plug-in has over 300,000 active installations, and despite the availability of a patch, there are reports that attackers continue to target sites running the vulnerable plug-in, "said Satable Narang, senior research engineer at Tenable.

"The vulnerability exists in version 1.3.9 of the plugin, so users running older versions of the plugin are not vulnerable. However, all users, especially those using 1.3.9, should update to the latest version of the plugin,, as soon as possible. "

This latest exploit also highlights the importance of verifying plug-ins to ensure they are up-to-date and performing only authorized tasks, said Brandon Chen, Digital Security Manager and Operations Manager of The Media Trust.

"Remove when they are no longer needed [is] Part of protecting users from identity and financial theft. Each plugin represents at least some attack surfaces because the code that the plugin works with comes from at least one vendor that is likely to inject paged code. Any plugin you introduce into your digital environment introduces third parties that you may not know – and most of you may not know it. "


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Must Read

Jon Rahm: "Nobody will ever win an Open as Seve" | sports

The voice is soon among the children. "Jon Rahm! Jon Rahm! " When the Basque golfer finishes the practice round, his first contact with...

And if nobody asked to go to the Moon?

In the 60s, the whole world dreamed of reaching the Moon. And that's why it was worth it invest endless resources so that before...

Open water swimmers Florian Wellbrock and Rob Muffels are friends and competitors

Monday, 07/15/2019 18:44 clock Of course, they also congratulated together. As Finnia Wunram qualified on Sunday morning for the Olympic ten kilometers for Tokyo...