University Crest

[wlug] Two serious WordPress plugin vulnerabilities are being exploited in the wild

wlug archive index About the wlug list Mailing lists home
To The University of Waikato HomepageWaikato Home > Waikato Mailing Lists > wlug Info > wlug archives
Peter Reutemann fracpete@w...
Mon Mar 25 12:03:32 NZDT 2019

'Attackers have been actively exploiting serious vulnerabilities in
two widely used WordPress plugins to compromise websites that run the
extensions on top of the content management system.

The two affected plugins are Easy WP SMTP with 300,000 active
installations and Social Warfare, which has about 70,000 active
installations. While developers have released patches for both
exploited flaws, download figures indicate many vulnerable websites
have yet to install the fixes. Figures for Easy WP SMTP, which was
fixed five days ago, show the plugin has just short of 135,000
downloads in the past seven days. Figures for Social Warfare show it
has been downloaded fewer than 20,000 times since a patch was
published on WordPress on Friday. Sites that use either plugin should
disable them immediately and then ensure they have been updated to
version of Easy WP SMTP and 3.5.3 of Social Warfare.'

-- source:

Cheers, Peter
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174

More information about the wlug mailing list
NOTICE: This is an archive of a public mailing list. The University of Waikato is not responsible for its contents.

The University of Waikato - Te Whare Wananga o Waikato