150,000 WordPress sites at risk due to vulnerable SMTP plug-in

A popular WordPress plug-in that routes a site's outgoing email through an SMTP server has been found to leave around 150,000 websites open to takeover. The developer of the POST SMTP plugin acted swiftly, and a patch is already available.

Wordfence reports that the vulnerability was submitted through its bug bounty program in December. After the plugin's developer, WPExperts.io, was notified, it responded quickly, according to Wordfence, and an official patch was available as early as Jan. 1. However, roughly 150,000 websites still appear not to have installed it.

How the vulnerability works

The vulnerability lets an unauthenticated attacker bypass the plugin's authorization check. With that, the attacker can reset the API key that authenticates to the mailer and read the plugin's email logs, which can contain sensitive messages such as password reset emails. The end result can be a complete takeover of the website.

The root cause is a so-called type juggling vulnerability: versions of the plug-in before 2.8.8 perform a loose comparison (PHP's ==) where a strict one (===) was required. Because PHP coerces both operands to a common type before a loose comparison, an attacker who controls one of the values the plugin compares during authentication can supply a value that coerces to a match, and the check is bypassed.
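The pattern described above, as an added illustration rather than code from the POST SMTP plugin (this page does not reproduce the plugin's code): a hypothetical token check written with a loose comparison beside its strict form, both run against the kinds of values a JSON request body can deliver to a PHP REST endpoint. The functions `check_token_loose` and `check_token_strict`, the stored tokens and the probe values are all constructed for this example.

```php
<?php
// Added example, not code from the POST SMTP plugin.
// Demonstrates why a loose (==) comparison in an authentication check
// is exploitable and what the strict form looks like.

// Hypothetical check as a vulnerable plugin might write it: PHP converts
// both operands to a common type before comparing.
function check_token_loose($supplied, string $stored): bool
{
    return $supplied == $stored;
}

// Hardened form: reject non-strings outright, then compare strictly and in
// constant time. hash_equals() requires two strings, so the is_string()
// guard also prevents a TypeError on attacker-controlled input.
function check_token_strict($supplied, string $stored): bool
{
    if (!is_string($supplied)) {
        return false;
    }
    return hash_equals($stored, $supplied);
}

// Constructed tokens. The second one merely looks like a number in
// scientific notation, which is enough to change how == treats it.
$tokens = [
    'ordinary token'      => 'a7f3c91e0d42',
    'numeric-looking one' => '0e5813',
];

// Attacker-controlled values. A JSON body such as {"token": true} reaches
// PHP as a bool, not a string, so every one of these is reachable through
// a REST request whose body is decoded from JSON.
$probes = [
    'bool true'    => true,
    'int 0'        => 0,
    'string "0"'   => '0',
    'string "0e1"' => '0e1',
    'null'         => null,
    'empty string' => '',
];

foreach ($tokens as $tokenLabel => $stored) {
    echo "stored token: {$tokenLabel}\n";
    foreach ($probes as $probeLabel => $value) {
        printf("  %-13s loose=%-5s strict=%s\n",
            $probeLabel,
            var_export(check_token_loose($value, $stored), true),
            var_export(check_token_strict($value, $stored), true)
        );
    }
}
```

Run it with `php example.php`. Under PHP 8 the loose check accepts the boolean `true` against any token (a non-empty string is truthy), and additionally accepts `0`, `"0"` and `"0e1"` against the numeric-looking token, because PHP compares two numeric strings as numbers and `0e5813` evaluates to zero. Under PHP 7 the integer `0` also matches the ordinary token, since pre-8 PHP converted the string to a number rather than the number to a string. The strict version accepts only the exact token in either PHP version.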

Additional firewall rule

Customers of the paid Wordfence service were already provided with a firewall rule on Jan. 3 that blocks exploitation attempts. Users of the free version will receive the same rule on Feb. 2. Either way, the firewall rule only shields the vulnerable code; the actual fix is to update the plugin to the patched version.

POST SMTP replaces WordPress's default delivery through PHP's mail() function with sending through an SMTP server. A key benefit of the plug-in is that mail sent this way is less likely to end up in the spam folder.

Since there are countless WordPress plug-ins in the wild, it is not surprising that vulnerabilities turn up often. That doesn't make them any less dangerous, as the WP Fastest Cache plug-in, used on more than a million websites, demonstrated in November.