The popular WordPress plugin Easy WP SMTP, with more than 500,000 active installations, just fixed a vulnerability that allows an attacker to take control of a site. The flaw lets hackers reset the admin password and take complete control of a website.
The vulnerability involves a debug log file that is exposed because of a very basic error in how the plugin maintained a folder. Plugin folders containing files that are not intended to be seen by users usually include a blank index.html file. The purpose of that file is to keep someone from navigating to that folder and seeing a list of the files in it.
If someone can see the list of files, then they can potentially access those files, which is the case here.
The folder where the debug log file is stored doesn't have an index.html file. So on servers where directory index listings are not disabled by default, a malicious hacker can gain access to that file.
First, they obtain an admin-level username from the WordPress site they are attempting to hack, using widely known techniques.
Then they go to the WordPress login page and request a password reset for the admin account.
Finally, they access the debug log file and recover a record of the password reset link that the WordPress site sent. With that link they can reset the password and then have full access to the WordPress site.
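For site owners who want to check their own installation for the condition described above (a folder that holds log files but no index file), the following is an added example, not code from the plugin or from the original article. The plugin names, file names, and the rule for what counts as a log file are assumptions made for illustration.

```python
import os
import tempfile

# Files that make the web server return a page instead of an auto-generated listing.
INDEX_FILES = {"index.html", "index.htm", "index.php"}

def looks_like_log(name):
    # Heuristic (assumption): *.log files or anything with "debug" in its name.
    lower = name.lower()
    return lower.endswith(".log") or "debug" in lower

def find_unprotected_log_dirs(plugins_root):
    """Return [(relative_dir, [log files])] for folders holding logs but no index file."""
    findings = []
    for dirpath, _dirs, files in os.walk(plugins_root):
        logs = sorted(f for f in files if looks_like_log(f))
        has_index = any(f.lower() in INDEX_FILES for f in files)
        if logs and not has_index:
            rel = os.path.relpath(dirpath, plugins_root).replace(os.sep, "/")
            findings.append((rel, logs))
    return sorted(findings)

def demo():
    # Constructed sample tree; plugin and file names are made up for illustration.
    sample = {
        "example-mailer/logs/debug_log.txt": "constructed log line\n",
        "example-gallery/logs/error.log": "constructed log line\n",
        "example-gallery/logs/index.html": "",
        "example-forms/readme.txt": "no logs here\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in sample.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(body)
        return find_unprotected_log_dirs(root)

if __name__ == "__main__":
    # An index file only hides the listing; a log whose name is known or
    # guessable can still be fetched directly, so review each finding.
    for folder, logs in demo():
        print(f"no index file in {folder}: {', '.join(logs)}")
```

To audit a real site, call `find_unprotected_log_dirs()` with the path to its `wp-content/plugins` directory instead of running the demo tree.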
The Easy WP SMTP plugin maintains what is known as a changelog, which documents all the changes in each update. The changelog is intended to be read so a user can understand what an update is changing.
Typically, when a vulnerability is being fixed, the plugin developers will note that a vulnerability is being fixed. This gives the WordPress publisher the information they need to make an informed decision about whether to update a plugin or wait.
A changelog that tells a publisher that an update fixes a vulnerability allows that publisher to make an informed decision to update the plugin in order to avoid getting hacked.
The Easy WP SMTP plugin changelog just says that they are adding an index.html file to a folder to prevent anyone from browsing it. That should be warning enough that this is a significant update, but only if the publisher understands that being able to browse the folder is dangerous.
Full details and a description of this vulnerability are available at the NinTechNet blog.
It is highly suggested that all users of the Easy WP SMTP plugin update to a version that is higher than version 1.4.2.
We at CodeLedge provide Sweden’s best WordPress Development services. We are experts at making a website fully secure from hackers and easy to load. Feel free to talk with us at firstname.lastname@example.org or get a quote from here.