Easy WP SMTP <= 1.3.9 - Missing Authorization to Arbitrary Options Update

The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9. This is due to missing capability checks on the admin_init() function, combined with insufficient input validation. As a result, unauthenticated attackers can modify the plugin's settings and arbitrary options on the site, which can be used to inject new administrative user accounts.


Short Info


Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 10 days 22 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -