WordPress plugin, Easy WP SMTP, which has more than 500,000 active users fixed a critical zero-day vulnerability that affects version 1.4.2 and older. The vulnerability could allow an unauthenticated user to reset the admin password among other issues. The vulnerability was found by a security researcher, Jerome Braundet, from NinTechNet and published a post about it. Shortly after, the vulnerability was fixed by the plugin’s developers.
Inside the plugin’s installation folder, the plugin has an optional debug log where it writes all email messages sent by the blog. When hackers can find and view the log, they can perform the username enumeration scans to find the admin login name.
Hackers can also perform the same task using author archive scans, which allows them to ask for resetting the admin password. Then by accessing the debug log to copy the reset link and with link, they can reset the admin password. NinTechNet urged all users to update the plugin to the 1.4.3 version.