ZDNet

Zero-day in WordPress SMTP plugin abused to reset admin account passwords

Hackers are resetting passwords for admin accounts on WordPress sites using a zero-day vulnerability in a popular WordPress plugin installed on more than 500,000 sites. The zero-day was used in ...
ZDNet

Zero-day in WordPress SMTP plugin abused by two hacker groups

Two cyber-security companies providing firewall plugins for WordPress sites have detected attacks abusing a zero-day vulnerability in a popular WordPress plugin. At least two hacker groups have been ...
Searchenginejournal.com

WordPress Easy WP SMTP Plugin Vulnerability

Popular WordPress plugin Easy WP SMTP plugin, with over 500,000 active installations, just patched a vulnerability that allows an attacker to take control of a site. The flaw in the WordPress plugin ...
heise online

Attacks observed: Vulnerability in WordPress Post SMTP plug-in allows takeover

Attacks are targeting a security vulnerability in the WordPress plug-in Post SMTP. It allows unauthenticated attackers to take over instances. The WordPress plug-in Post SMTP is used in more than ...
CSOonline

WordPress plugin hole enables account takeover

What makes this now-patched plugin hole especially dangerous is the lack of authentication needed for an attack, which can give the ability to change root/admin passwords. The disclosure of a major ...
Bleeping Computer

Over 150k WordPress sites at takeover risk via vulnerable plugin

Two vulnerabilities impacting the POST SMTP Mailer WordPress plugin, an email delivery tool used by 300,000 websites, could help attackers take complete control of a site authentication. Last month, ...