WordPress Plugin Vulnerability Report – POST SMTP Mailer – Authenticated (Administrator+) SQL Injection

Plugin Name: POST SMTP Mailer

Key Information:

Software Type: Plugin
Software Slug: post-smtp
Software Status: Active
Software Author: wpexpertsio
Software Downloads: 9,128,571
Active Installs: 300,000
Last Updated: October 3, 2023
Patched Versions: 2.6.1
Affected Versions: <=2.6.0


Vulnerability Details:

Name: Post SMTP <= 2.6.0 - Authenticated (Administrator+) SQL Injection
Type: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE: NA
CVSS Score: 7.2 (high)
Publicly Published: October 3, 2023
Researcher: NA
Description: The Post SMTP plugin for WordPress is vulnerable to time-based SQL Injection via the log_id parameter in versions up to, and including, 2.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Summary:

The POST SMTP Mailer plugin for WordPress has a vulnerability in versions up to and including 2.6.0 that allows authenticated users with administrator privileges to perform SQL injection attacks and extract sensitive information from the database. This vulnerability has been patched in version 2.6.1.


Detailed Overview:

The Post SMTP plugin is vulnerable due to insufficient input validation and lack of query parameterization in the log_id parameter. This allows authenticated administrators to inject arbitrary SQL queries into the existing SQL statements. By leveraging time-based techniques, an attacker could extract sensitive information like usernames, passwords, and other data from the database. This issue is rated as high severity with a CVSS score of 7.2.

To remediate this issue, users should update to version 2.6.1 or later, which properly sanitizes and prepares the user-supplied input. Users should also check their sites for signs of compromise and reset administrator passwords as a precaution. If the update cannot be applied right away, switching to an alternate SMTP plugin can also mitigate the risk.


Advice for Users:

Immediate Action: Update to version 2.6.1 as soon as possible.
Check for Signs of Compromise: Look for unexpected administrator accounts or unexplained plugin/theme changes, and reset administrator passwords.
Alternate Plugins: Consider using SMTP plugins like WP Mail SMTP or Easy WP SMTP temporarily.
Stay Updated: Always keep plugins updated, especially ones handling sensitive functions.
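
An added detection example, not code from the page or from the plugin: a Python scan over constructed web-server access-log lines that flags requests whose log_id query parameter is anything other than a plain integer and, for those requests, abnormally slow responses, which is how time-based injection against this parameter would show up in a site's logs. The log line format, the admin page path in the samples, and the 3-second threshold are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs
# Constructed sample access-log lines (not from any real site). Fields:
# client ident user [time] "METHOD target HTTP/x" status bytes duration_seconds
SAMPLE_LOG = """\
203.0.113.5 - admin [03/Oct/2023:10:12:01 +0000] "GET /wp-admin/admin.php?page=example-log-page&log_id=42 HTTP/1.1" 200 8120 0.09
203.0.113.5 - admin [03/Oct/2023:10:12:07 +0000] "GET /wp-admin/admin.php?page=example-log-page&log_id=42%27 HTTP/1.1" 200 8120 5.04
203.0.113.5 - admin [03/Oct/2023:10:12:14 +0000] "GET /wp-admin/admin.php?page=example-log-page&log_id=42%20xyz HTTP/1.1" 200 8120 5.02
198.51.100.9 - editor [03/Oct/2023:10:13:00 +0000] "GET /wp-admin/index.php HTTP/1.1" 200 3000 0.05
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) (?P<dur>[\d.]+)$'
)
# Time-based injection surfaces as abnormally slow responses; this threshold is
# an assumption and should be tuned to the site's normal response times.
SLOW_SECONDS = 3.0

def parse_line(line):
    # One log line -> dict of fields, or None when the line does not match.
    m = LINE_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["dur"] = float(entry["dur"])
    return entry

def log_id_values(target):
    # Every URL-decoded log_id value in the request's query string.
    return parse_qs(urlsplit(target).query, keep_blank_values=True).get("log_id", [])

def suspicious(entry):
    # log_id is meant to be a plain integer, so quotes, spaces or keywords in it
    # are anomalous whatever the payload tries to do; slowness adds weight.
    reasons = []
    ids = log_id_values(entry["target"])
    for raw in ids:
        if not raw.isdigit():
            reasons.append(f"non-numeric log_id {raw!r}")
    if ids and entry["dur"] >= SLOW_SECONDS:
        reasons.append(f"slow log_id request ({entry['dur']:.2f}s)")
    return reasons

def scan(text):
    # (ip, user, time, reasons) for every suspect line in the log text.
    findings = []
    for entry in filter(None, map(parse_line, text.splitlines())):
        reasons = suspicious(entry)
        if reasons:
            findings.append((entry["ip"], entry["user"], entry["time"], reasons))
    return findings
```

Running scan(SAMPLE_LOG) reports the two malformed, slow log_id requests from the same administrator session and ignores the benign lines.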

Conclusion:

The prompt response from the developers to patch this SQL injection vulnerability demonstrates the importance of timely security updates for WordPress sites. Users are strongly advised to update to version 2.6.1 or later to protect their WordPress installations.


References:

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/post-smtp/post-smtp-260-authenticated-administrator-sql-injection

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/post-smtp


Detailed Report:

Staying on top of website security is crucial these days, with new threats emerging on a regular basis. Unfortunately, many WordPress users fail to keep their plugins and themes updated, leaving their sites exposed. This became evident recently with the disclosure of a serious vulnerability in a popular WordPress plugin.

The Post SMTP Mailer plugin, installed on over 300,000 sites, contains a high severity SQL injection flaw allowing authenticated users with administrator privileges to extract sensitive data from the database. With over 9 million downloads, this widely-used SMTP plugin contains a bug that could compromise thousands of sites.

Post SMTP Mailer is a popular WordPress plugin used to send email through an SMTP server instead of the server's PHP mail() function. It currently has over 9 million downloads and around 300,000 active installs.

Recently, a high severity SQL injection vulnerability was disclosed that affects Post SMTP versions up to and including 2.6.0. This vulnerability allows authenticated administrators to inject arbitrary SQL queries due to insufficient validation of the log_id parameter. By leveraging time-based techniques, an attacker could potentially extract sensitive information like usernames, passwords, and other data from the database.

This vulnerability is extremely dangerous because compromised administrator accounts could lead to site takeovers, data theft, phishing campaigns and more. An attacker who gains admin access could install backdoors, steal financial data, and even host malware through the vulnerable site.

To mitigate this risk, Post SMTP users should update to version 2.6.1 as soon as possible. You should also check your site for any unauthorized changes to users, plugins or themes. As a precaution, resetting administrator passwords is highly recommended. If the update cannot be applied right away, switching to an alternate SMTP plugin like WP Mail SMTP can also reduce risk.

This is not the first vulnerability found in Post SMTP. In fact, there have been 7 other vulnerabilities disclosed in this plugin since March 2021. This highlights the importance of staying on top of security updates, especially for plugins that handle sensitive functions like sending email.

As a small business owner, keeping your WordPress site secure is essential but can be difficult without dedicated IT staff. Partnering with a managed service provider like Your WP Guy can help by handling updates, monitoring for threats and providing ongoing maintenance. Don't wait until you've been compromised - contact us today to discuss securing your website.

Staying on top of WordPress security can feel overwhelming for small business owners without dedicated IT staff. At Your WP Guy, we exist to shoulder that burden for you. Our WordPress experts can fully audit, secure, maintain and support your site - so you can focus on growing your business with peace of mind.

Don't tackle security risks alone. Let us help you assess any impact from this vulnerability, update your plugins, and implement ongoing maintenance to avoid future threats. We treat your website like it's our own - because we know how critical it is for reaching your customers.

Get in touch for a free consultation today on making WordPress security stress-free. Call 678-995-5169 or book a call here. Our knowledgeable team is ready to help you safeguard your online presence.
