WordPress File Management Plugin Riddled with Critical Bugs (threatpost.com)
The plugin has 500,000+ active installations.
The plugin has an optional debug log where it writes all email messages sent by the blog, including headers and body. The log is located inside the plugin’s installation folder, “wp-content/plugins/easy-wp-smtp/”.
“The plugin’s folder doesn’t have any index.html file, hence on servers that have directory listing enabled, hackers can find and view the log,” said Jerome Bruandet.
Credits: Ninja Technologies Network (NinTechNet)
A password reset requires sending an email with the password reset link to the admin’s email account. The email is also recorded in the Debug log.
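To check whether the folder listing or the debug log was actually served to anyone, a site owner can scan the web server access log for successful requests under the plugin folder. The script below is an added example, not code from the plugin or from NinTechNet; it assumes the Apache/nginx "combined" log format, treats any file with "log" in its name as the debug log (the article does not give the file name), and runs on constructed sample lines.

```python
import re
from urllib.parse import unquote

# Plugin folder named in the article; log format and file-name rule are assumptions.
PLUGIN_DIR = "/wp-content/plugins/easy-wp-smtp/"

# Apache/nginx "combined" access-log format (assumed).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges, made-up file name).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:09:14:02 +0000] "GET /wp-content/plugins/easy-wp-smtp/ HTTP/1.1" 200 1432 "-" "curl/7.68.0"
203.0.113.7 - - [01/Jan/2024:09:14:05 +0000] "GET /wp-content/plugins/easy-wp-smtp/example_debug_log.txt HTTP/1.1" 200 88211 "-" "curl/7.68.0"
198.51.100.23 - - [01/Jan/2024:09:20:41 +0000] "GET /wp-content/plugins/easy-wp-smtp/ HTTP/1.1" 403 199 "-" "Mozilla/5.0"
198.51.100.40 - - [01/Jan/2024:09:21:00 +0000] "GET /wp-content/plugins/easy-wp-smtp/css/style.css HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

def classify(line):
    """Return (ip, timestamp, path, reason) if the line shows exposure, else None."""
    m = LINE_RE.match(line)
    if not m or m["method"] != "GET" or not m["status"].startswith("2"):
        return None  # 403/404 and similar mean nothing was served
    # Drop the query string, decode %xx, collapse "//", ignore case.
    path = re.sub(r"/+", "/", unquote(m["target"].split("?", 1)[0])).lower()
    if not path.startswith(PLUGIN_DIR):
        return None
    rest = path[len(PLUGIN_DIR):]
    if rest == "" or rest.endswith("/"):
        reason = "directory listing served"
    elif "log" in rest.rsplit("/", 1)[-1]:
        reason = "log-like file served"
    else:
        return None
    return (m["ip"], m["ts"], path, reason)

def find_exposures(log_text):
    """Classify every line and keep only the hits."""
    hits = (classify(line) for line in log_text.splitlines())
    return [h for h in hits if h]

if __name__ == "__main__":
    for ip, ts, path, reason in find_exposures(SAMPLE_LOG):
        print(f"{ts}  {ip}  {reason}: {path}")
```

Any hit means the log contents, including password reset emails, should be treated as disclosed; a 403 on the folder shows directory listing is already blocked for that request.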