December 15, 2020 By Tara Seals
A poorly configured file opens users up to site takeover.
Easy WP SMTP, a WordPress plugin for email management that has more than 500,000 installations, has a vulnerability that could open the site up to takeover, researchers said.
Easy WP SMTP allows users to configure and send all outgoing emails via a SMTP server, so that they don’t end up in the recipient’s junk/spam folder. Version 1.4.2 and below contains a flaw in the debug file that is exposed because of a fundamental error in how the plugin maintains a folder, according to researchers at GBHackers.
