djbaxter

Administrator
Administrator
Moderator
Joined
Jun 28, 2012
Messages
3,513
Reaction score
1,660
Hackers Abusing Recently Patched Vulnerability In Easy WP SMTP Plugin
by Mikey Veenstra , Wordfence
March 20, 2019

Over the weekend, a vulnerability was disclosed and patched in the popular WordPress plugin Easy WP SMTP. The plugin allows users to configure SMTP connections for outgoing email, and has a userbase of over 300,000 active installs. The vulnerability is only present in version 1.3.9 of the plugin, and all of the plugin’s users should update to 1.3.9.1 as quickly as possible to address the flaw.

This vulnerability is under active attack, being used by malicious actors to establish administrative control of affected sites en masse. ....

The attacks against this vulnerability are widespread, and successful exploits can grant full control of vulnerable sites to the attackers. As always, it’s important for users to regularly update their plugins in order to apply the security patches for vulnerabilities like these. Easy WP SMTP version 1.3.9.1 prevents unauthenticated access to the import script, as well as restricting affected options to only include expected values.

For typical WordPress users, if you believe your site may have been compromised as a result of this or any other vulnerability, consider reaching out to our team for a site cleaning. Otherwise, be on the lookout for the following indicators of compromise (IOCs):
  • Logged traffic from the following IPs:
    • 185.212.131.45
    • 185.212.128.22
    • 185.212.131.46
    • 86.109.170.200
  • Database siteurl and home values not matching their intended values, especially including the following domains:
    • setforconfigplease[.]com
    • getmyfreetraffic[.]com
  • Administrator accounts present for unknown users. For example:
    • devidpentesting99
    • larryking99
  • Malicious <script> tags injected into the first line of index.php files. For example:
    • <script type='text/javascript' async src='hXXps://setforspecialdomain[.]com/in2herg42t2?type=in2&frm=scr&'></script>


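The indicators quoted above can be turned into a repeatable triage check. The following is an added Python example, not Wordfence's or the plugin's code; the access log lines, the `example.com` host and the `admin` account are constructed sample data, while the IPs, domains, account names and script tag are the ones listed in the post.

```python
import re
from urllib.parse import urlparse

def refang(s):
    """Turn the advisory's defanged notation (hXXps, [.]) back into matchable text."""
    return s.replace("hXXp", "http").replace("[.]", ".")

# Indicators quoted from the Wordfence post above, kept defanged in source
IOC_IPS = {"185.212.131.45", "185.212.128.22", "185.212.131.46", "86.109.170.200"}
IOC_DOMAINS = {refang(d) for d in ("setforconfigplease[.]com", "getmyfreetraffic[.]com",
                                   "setforspecialdomain[.]com")}
IOC_ADMIN_USERS = {"devidpentesting99", "larryking99"}

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)')  # client ip, method, path
SCRIPT_RE = re.compile(r"<script\b[^>]*\bsrc=['\"]?(?:https?:)?//([^/'\"?]+)", re.I)

def hits_in_access_log(lines):
    """Return (ip, path) pairs for requests from the advisory's IP addresses."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and m.group(1) in IOC_IPS:
            hits.append((m.group(1), m.group(3)))
    return hits

def bad_site_options(options, expected_host):
    """Flag wp_options siteurl/home whose host is not the site's own or is a known IOC domain."""
    findings = []
    for name in ("siteurl", "home"):
        host = (urlparse(options.get(name, "")).hostname or "").lower()
        if host != expected_host.lower() or host in IOC_DOMAINS:
            findings.append((name, host))
    return findings

def unknown_admins(admin_logins, known_admins):
    """Administrator logins that are not in the site owner's known list."""
    return sorted(set(admin_logins) - set(known_admins))

def injected_script_host(first_line):
    """index.php should open with '<?php'; any <script> on line 1 is injected. Return its host or None."""
    m = SCRIPT_RE.search(first_line)
    return m.group(1).lower() if m else None

# Constructed sample inputs (not real data) so the checks run stand-alone
SAMPLE_LOG = [
    '185.212.131.45 - - [18/Mar/2019:02:14:07 +0000] "POST /wp-login.php HTTP/1.1" 200 512',
    '203.0.113.9 - - [18/Mar/2019:02:15:11 +0000] "GET /index.php HTTP/1.1" 200 8812',
]
SAMPLE_INDEX_LINE = refang("<script type='text/javascript' async "
                           "src='hXXps://setforspecialdomain[.]com/in2herg42t2?type=in2&frm=scr&'></script>")
```

Run the functions against your own access log, the `siteurl`/`home` rows of `wp_options`, the administrator logins from `wp_users`, and the first line of each `index.php`; any non-empty result is worth a closer look.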
djbaxter
Also:

Earlier today, an unnamed security researcher published a full disclosure of a stored Cross-Site Scripting (XSS) vulnerability present in the most recent version of popular WordPress plugin Social Warfare. The plugin, which was subsequently removed from the WordPress.org plugin repository, has an active install base of over 70,000 sites. The flaw allows attackers to inject malicious JavaScript code into the social share links present on a site’s posts, and is under active attack in the wild.

We've just published a brief PSA including recommendations for impacted site owners.

You can read the full post on the official Wordfence blog…