ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Easy WP SMTP plugin <= 1.3.9 - Unauthenticated arbitrary "wp_options" import vulnerability

Product
Easy WP SMTP
Description
Unauthenticated arbitrary "wp_options" import vulnerability found Jerome Bruandet in WordPress Easy WP SMTP plugin (versions <= 1.3.9).
Solution
Update the WordPress Easy WP SMTP plugin to the latest available version (at least 1.3.9.1).
Classification
Type BYPASS
OWASP Top 10 A2: Broken Authentication and Session Management
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 1.3.9
Fixed In 1.3.9.1
Disclosure date
2019-03-20
Credits
Jerome Bruandet
Submitter
ThreatPress