ThreatPress

WordPress Vulnerability Database

WordPress Easy WP SMTP plugin <= 1.4.2 - Unauthenticated Admin Password Reset

Product
Easy WP SMTP
Description
An Unauthenticated Admin Password Reset vulnerability was found by mathieg2 in the WordPress Easy WP SMTP plugin (versions <= 1.4.2).
Solution
Update the WordPress Easy WP SMTP plugin to the latest available version (at least 1.4.3). Attention! Please make sure directory listing is disabled, since it could play a role in other attacks. We suggest you delete the old log file and let the plugin generate a new one with a new unique file name.
Classification
Type: Information Disclosure
OWASP Top 10: A6: Sensitive Data Exposure
References
Vulnerability details
Plugin changelog
CVE
Name: CVE-N/A
Versions
Affected In: <= 1.4.2
Fixed In: 1.4.3
Disclosure date
2020-12-07
Credits
mathieg2