On December 14th, 2023, during our Bug Bounty Program Holiday Bug Extravaganza, we received a submission for an Authorization Bypass vulnerability in POST SMTP Mailer, a WordPress plugin with over 300,000 active installations. This vulnerability makes it possible for unauthenticated threat actors to reset the API key used to authenticate to the mailer and view logs, including password reset emails, on WordPress sites that use this plugin. Shortly after, we received another submission from a different researcher for an Unauthenticated Stored Cross-Site Scripting vulnerability in the POST SMTP Mailer plugin. This vulnerability enables threat actors to inject malicious web scripts into pages.