WordPress Easy WP SMTP plugin <= 1.4.2 - Unauthenticated Admin Password Reset

Back

Product: Easy WP SMTP
Description: Unauthenticated Admin Password Reset vulnerability found by mathieg2 in WordPress Easy WP SMTP plugin (versions <= 1.4.2).
Solution: Update the WordPress Easy WP SMTP plugin to the latest available version (at least 1.4.3). Attention! Please make sure you have a directory listing disabled since it could play its role in other attacks. We suggest you delete an old log file and let the plugin generate the new one with a new unique file name.
Classification: Type Information Disclosure
OWASP Top 10 A6: Sensitive Data Exposure
References: Vulnerability details
Plugin changelog
CVE: Name CVE-N/A
Versions: Affected In <= 1.4.2
Fixed In 1.4.3
Disclosure date: 2020-12-07
Credits: mathieg2

ThreatPress