[who]

This vulnerability makes it possible for unauthenticated threat actors to reset the API key used to authenticate to the mailer and view logs, including password reset emails on WordPress sites that use this plugin. We also received another submission shortly after for an Unauthenticated Stored Cross-Site Scripting vulnerability in POST SMTP Mailer plugin from another researcher. This vulnerability enables threat actors to inject malicious web scripts into pages.

Blog:
https://www.wordfence.com/blog/2024/01/t...ss-plugin/

PoC:

Hidden Content

You must register or login to view this content.

[zinzeur]

I posted a video about this

[who]

I posted a video about this

put it here

[MorganDam]

Nice sharing. Im gonna check it out!

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

[AnonymH99]

Thanks for sharing

[koala222]

I posted a video about this

i have a question... is there any way for us to discover wp websites that have that smtp mailer plugin installed.

[Kilian]

Where I can check video?

[RADAR]

nice share, who ever used it there?

[Writeuphtb]

This vulnerability makes it possible for unauthenticated threat actors to reset the API key used to authenticate to the mailer and view logs, including password reset emails on WordPress sites that use this plugin. We also received another submission shortly after for an Unauthenticated Stored Cross-Site Scripting vulnerability in POST SMTP Mailer plugin from another researcher. This vulnerability enables threat actors to inject malicious web scripts into pages.

Blog:
https://www.wordfence.com/blog/2024/01/t...ss-plugin/

PoC:

thks very much i will use a lot

[WizVenex1]

mega share or leav the marjet

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Fabricated evidence | Retarded Monkey