ZDNet

Zero-day in WordPress SMTP plugin abused to reset admin account passwords

Hackers are resetting passwords for admin accounts on WordPress sites using a zero-day vulnerability in a popular WordPress plugin installed on more than 500,000 sites. The zero-day was used in ...
Bleeping Computer

Post SMTP plugin flaw exposes 200K WordPress sites to hijacking attacks

More than 200,000 WordPress websites are using a vulnerable version of the Post SMTP plugin that allows hackers to take control of the administrator account. Post SMTP is a popular email delivery ...
Bleeping Computer

Hackers exploit WordPress plugin Post SMTP to hijack admin accounts

Threat actors are actively exploiting a critical vulnerability in the Post SMTP plugin installed on more than 400,000 WordPress sites, to take complete control by hijacking administrator accounts.
The Free Press Journal

Over 4 Lakh WordPress Websites At Risk Due To Plugin Vulnerability, Email Data Could Be Exposed

A critical vulnerability in the Post SMTP Mailer plugin has exposed more than 400,000 WordPress websites to potential security breaches. The flaw, identified as an account takeover vulnerability, ...
TechRadar

Dangerous WordPress plugin puts over 160,000 sites at risk - here's what we know

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. A popular WordPress plugin with hundreds of thousands of active installations carried a ...
CSOonline

WordPress plugin hole enables account takeover

What makes this now-patched plugin hole especially dangerous is the lack of authentication needed for an attack, which can give the ability to change root/admin passwords. The disclosure of a major ...