Major WP Exploit caused by the SMTP plugin


#1

Hi Everyone,

We would like to inform you that recently a number of WordPress site were hacked and it was causing redirection to another site with URL hxxps://getmyfreetraffic(dot)com initially the cause of the issue was unknown we found out that the Site URL field is updated in Database as shared in the screeshot

And a user was being added in users table with the following email and name

username: devidpentesting99
email: devidpentesting@yandex.ru

Upon further check we found out that all of the sites that were hacked or exploit had one common plugin name EASY WP SMTP, if any customer is facing any such issue or hack on his site we request you to upgrade the plugin to the latest version as the exploit has been fixed by the plugin author, the details of the change log here https://wordpress.org/plugins/easy-wp-smtp/#developers confirm that a fix has been applied for further details on how the exploit works please refer https://blog.nintechnet.com/critical-0day-vulnerability-fixed-in-wordpress-easy-wp-smtp-plugin/ who originally reported the bug.

Thanks
Best Regards
Anas Moiz


#2

In fact I had to restore from a backup because of that hacking. The hacker “registered” its user even when Wordpress user registration was disabled.