- What? Easy SMTP Plugin: version v1.3.9 – Vulnerable!
- When? The vulnerability, found in version v1.3.9, has been exploited by hackers since at least March 15 (11:00 am UTC), and was caught by the Web Application Firewall for WordPress, NinjaFirewall (WP Edition) as well as Cerber Security, Antispam & Malware Scan.
Recently a vulnerability was disclosed and patched in the popular WordPress plugin Easy WP SMTP. Hackers exploiting this vulnerability were able to inject malicious code using this critical zero-day vulnerability which allowed unauthenticated users to modify
WordPress options among other malicious actions. The popular Easy WP SMTP plugin has over 300,000+ active installations. Thousands of WordPress users were affected.
Safe Alternatives to Easy SMTP? WP Mail
No GlowFrog Hosting, LLC customers were affected by this hack, but we are still encouraging members of the GlowFrog Hosting, LLC family to ensure their plugins are up-to-date to help prevent future hacks.