Easy WP SMTP 1.4.3 Patches Sensitive Data Disclosure Vulnerability – WordPress Tavern

Easy WP SMTP has patched a vulnerability that allows attackers to capture the password reset link from the plugin’s debug log file and gain unauthorized access to the site. The plugin is used by more than 500,000 WordPress sites to configure and send all outgoing emails via a SMTP server so they are less likely to end up in recipients’ junk/spam folders.

WPScan categorized the vulnerability as a “sensitive data disclosure:”

The plugin has an optional debug log file generated with a random name, located in the plugin folder and which contains all email messages sent….


More Info

About mblog.my

Check Also

Best WordPress cache plugins of 2021

OK, so you’ve got your site, powered by the famous website builder and optional web …

Leave a Reply

Your email address will not be published. Required fields are marked *