The Easy WP SMTP plugin authors have released a new update, fixing a very critical 0day vulnerability. When leveraged, this vulnerability gives unauthenticated attackers the power to modify any options of an affected site — ultimately leading to a complete site compromise.

The vulnerability, found only in version 1.3.9, has been seen exploited in the wild and impacts thousands of sites.

Technical Details

The bug being exploited takes advantage of a misunderstanding of the admin_init hook’s execution context.

Continue reading 0day Vulnerability in Easy WP SMTP Affects Thousands of Sites at Sucuri Blog.

Via Sucuri.net