February 2019

WordPress Easy WP SMTP plugin <= 1.3.9 - Unauthenticated arbitrary - wp_options import vulnerability

March 23, 2019February 23, 2019 by Manu

Last week, two cybersecurity companies found a Zero-Day vulnerability in WordPress SMTP Plugin. The vulnerability is located in the new import/export functionality added in v1.3.9 of Easy WP SMTP. It lets attackers exploit the lack of capability checks in the plugin’s admin_init hook to alter any values in the wp_options table. Additionally, since the admin_init … Read more

Remote File Inclusion (RFI)

July 23, 2020February 6, 2019 by admin

Remote File Inclusion (also known as RFI) is the process of including remote files through the exploiting of vulnerable inclusion procedures implemented in the application. This vulnerability occurs, for example, when a page receives, as input, the path to the file that has to be included and this input is not properly sanitized, allowing external … Read more