20 Jan 2022

Wordfence Fails to Warn of Easy to Spot Vulnerabilities in WP HTML Mail

A couple of frequent issues we see with the WordPress security company Wordfence involve them belatedly telling people to update individual plugins instead of just telling people to keep plugins up to date at all times (which they admit would lessen the need for what they are selling) and failing to warn people that plugins still contain easy to spot vulnerabilities. Both of those are true with the plugin WP HTML Mail.

Yesterday, they told people to update the plugin because of a cross-site scripting (XSS) vulnerability that had already been fixed. But while reviewing that, we found the plugin still contains an easy to spot XSS vulnerability and the same code allows anyone logged in to WordPress to send unlimited emails to arbitrary email addresses from the website. [Read more]

29 Mar 2019

Cross-Site Request Forgery (CSRF)/Email Sending Vulnerability in SMTP Mailer

Yesterday one of the 1,000 most popular WordPress plugins, SMTP Mailer, was closed on the Plugin Directory. We are not sure why it appears to have been closed, as subsequent to the closure a new version was released with the following accurate changelog entry, “SMTP Mailer no longer shows the saved password in the settings.”, and the plugin was reopened. Seeing as the password was shown on a page normally only accessible by Administrators, and they normally have the ability to do just about anything, it isn’t clear what the issue was here that would justify the closure. When we went to try to get a better understanding of that, we noticed there is a clear security vulnerability in the most recent version of the plugin, which could allow an attacker to cause logged in WordPress Administrators to send out emails without intending to.

When we went to look at the settings page we saw there also was a tab for sending a “Test Email”: [Read more]