Hackers reset passwords for admin accounts on WordPress sites using a zero-day vulnerability in a WordPress plugin, Easy WP SMTP. The plugin lets site owners configure the SMTP settings for their website's outgoing emails and has more than 500,000 installations.
The zero-day vulnerability affects version 1.4.2 and below and could allow an unauthenticated user to reset the admin password. For a password reset, an email containing the password reset link is sent to the admin's email account; that same email is also recorded in the plugin's Debug log. Once an attacker has obtained the password reset link from the log, they can proceed to the Admin dashboard, upload malicious plugins, and download the database.
The zero-day used in attacks over the past weeks has now been patched.
To Read More: ZDNet