
Type Juggling Leads to Two Vulnerabilities in POST SMTP Mailer WordPress Plugin

On December 14th, 2023, during our Bug Bounty Program Holiday Bug Extravaganza, we received a submission for an Authorization Bypass vulnerability in POST SMTP Mailer, a WordPress plugin with over 300,000 active installations. This vulnerability makes it possible for unauthenticated threat actors to reset the API key used to authenticate to the mailer and to view logs, including password reset emails, on WordPress sites that use this plugin.

We also received another submission shortly after for an Unauthenticated Stored Cross-Site Scripting vulnerability in the POST SMTP Mailer plugin from another researcher. This vulnerability enables threat actors to inject malicious web scripts into pages.

Special props to Ulyses Saicha and Sean Murphy, who discovered and responsibly reported these vulnerabilities through the Wordfence Bug Bounty Program. These researchers respectively earned bounties of $4,125 and $825 for their discoveries during our Bug Bounty Program Extravaganza.

Wordfence Premium, Wordfence Care, and Wordfence Response users received a firewall rule to protect against any exploits targeting these vulnerabilities on January 3, 2024. Sites still using the free version of Wordfence will receive the same protection on February 2, 2024.

We contacted WPExperts.io on December 8, 2023 for a separate vulnerability, and received a response on December 10, 2023. After providing full disclosure details, the developer released a patch on January 1, 2024. We would like to commend the…
