POST SMTP Mailer WordPress Plugin
The POST SMTP Mailer WordPress plugin, a widely used email delivery tool installed on about 300,000 websites, was recently found to contain two vulnerabilities that could give attackers total control over a site’s authentication. Security researchers Sean Murphy and Ulysses Saicha from Wordfence found these vulnerabilities and immediately notified the plugin’s vendor.
The first, CVE-2023-6875, is a critical authorization bypass flaw. It is present in the plugin’s connect-app REST endpoint and is caused by a type juggling issue. The vulnerability affects all plugin versions up to version 2.8.7.
An unauthorized attacker can reset the API key and obtain sensitive log data, including password reset emails, by taking advantage of the CVE-2023-6875 vulnerability. The attacker can manipulate a function in the mobile app and set a valid token with a zero value for the authentication key through a specific request. By triggering a password reset for the site’s administrator, the attacker can then access the key from within the application, change it, and effectively lock the legitimate user out of their own account.
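The bug class described above, as an added PHP example that is not the plugin's code (function names and sample values are constructed): a loose `==` comparison accepts a zero value when no secret is stored, while a type-checked `hash_equals()` comparison rejects it.

```php
<?php
// Added illustration; NOT the plugin's code. Names and values are constructed.

// Weak form: loose comparison lets PHP juggle types before comparing.
function loose_check($stored, $supplied)
{
    return $stored == $supplied;
}

// Hardened form: both sides must be non-empty strings, compared in
// constant time with hash_equals(). An unset secret never matches.
function strict_check($stored, $supplied)
{
    if (!is_string($stored) || $stored === '') {
        return false;
    }
    if (!is_string($supplied) || $supplied === '') {
        return false;
    }
    return hash_equals($stored, $supplied);
}

// Constructed cases: [label, stored secret, caller-supplied value].
// false/null model a lookup that found no stored secret.
$cases = [
    ['secret unset (false), caller sends "0"', false, '0'],
    ['secret unset (false), caller sends 0',   false, 0],
    ['secret unset (null),  caller sends 0',   null,  0],
    ['secret set, caller sends "0"',           'k3y-constructed', '0'],
    ['secret set, caller sends the secret',    'k3y-constructed', 'k3y-constructed'],
];

// Print how each check judges each case, side by side.
foreach ($cases as [$label, $stored, $supplied]) {
    printf(
        "%-42s loose=%-5s strict=%s\n",
        $label,
        var_export(loose_check($stored, $supplied), true),
        var_export(strict_check($stored, $supplied), true)
    );
}
```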
If the attacker gains administrator privileges, they gain full control over the site, enabling them to plant backdoors, modify plugins and themes, edit and publish content, or redirect users to malicious destinations. This can lead to severe consequences, including data theft or loss, financial loss, or reputational damage. Therefore, it is crucial to patch the vulnerability as soon as possible to prevent any potential exploitation.
The second vulnerability, CVE-2023-7027, is a cross-site scripting (XSS) issue that arises from insufficient input sanitization and output escaping. It was reported on December 19, 2023, and a proof-of-concept (PoC) was shared the following day. The plugin’s vendor released a patch for this XSS issue on January 1, 2024.
Cross-site scripting (XSS) vulnerabilities are a common type of security issue that occurs when an application fails to correctly sanitize user input, allowing malicious scripts to be injected into web pages. In the case of the POST SMTP Mailer plugin, this vulnerability could be exploited by an attacker to inject malicious scripts into the plugin’s output. This could potentially affect all users who interact with the affected pages.
The attack could be carried out by an attacker sending a specially crafted link to a victim or by having the victim visit a compromised website that contains a malicious script. Once the victim clicks on the link or visits the compromised website, the attacker could execute arbitrary code on the victim’s system, potentially leading to the theft of sensitive information. Therefore, it is crucial for users of the POST SMTP Mailer plugin to update to the latest version as soon as possible to mitigate the risk of exploitation.
The vendor’s prompt release of a patch for the XSS vulnerability is commendable, as it helps protect users from potential attacks. Website owners using the POST SMTP Mailer plugin should update to the latest version as soon as possible to mitigate the risk associated with these vulnerabilities.
In conclusion, the discovery of these vulnerabilities in the POST SMTP Mailer WordPress plugin highlights the importance of regular security audits and prompt updates for all plugins and themes used on websites. Keeping software up-to-date is crucial to maintaining the security and integrity of a website. Additionally, website owners should consider implementing additional security measures, such as web application firewalls and security plugins, to further protect their sites from potential attacks.