WordPress Easy WP SMTP plugin <= 1.3.9 - Unauthenticated arbitrary "wp_options" import vulnerability
Vulnerable versions
<= 1.3.9
PSID
196c9079efbc
CVE ID
N/A
Classification
Bypass Vulnerability
OWASP Top 10
A2: Broken Authentication and Session Management
Required privilege
Publicly disclosed
2019-03-20
Patchstack vPatch available since
09.12.2021
Details
Unauthenticated arbitrary "wp_options" import vulnerability found Jerome Bruandet in WordPress Easy WP SMTP plugin (versions <= 1.3.9).
Solution
Update the WordPress Easy WP SMTP plugin to the latest available version (at least 1.3.9.1).
References
Plugin changelog