all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Type Juggling Leads to Two Vulnerabilities in POST SMTP Mailer WordPress Plugin

Add to bookmarks
Jan. 10, 2024, 4:01 p.m. | István Márton

Wordfence www.wordfence.com

On December 14th, 2023, during our Bug Bounty Program Holiday Bug Extravaganza, we received a submission for an Authorization Bypass vulnerability in POST SMTP Mailer, a WordPress plugin with over 300,000+ active installations. This vulnerability makes it possible for unauthenticated threat actors to reset the API key used to authenticate to the mailer and view ...
Read More


The post Type Juggling Leads to Two Vulnerabilities in POST SMTP Mailer WordPress Plugin appeared first on Wordfence.

api authorization bounty bug bug bounty bug bounty program bypass bypass vulnerability december holiday key plugin program research reset smtp submission threat threat actors unauthenticated vulnerabilities vulnerability wordpress wordpress plugin wordpress security

Visit resource

More from www.wordfence.com / Wordfence

$197 Bounty Awarded for Unauthenticated Arbitrary Post Deletion Vulnerability Patched in LeadConnector WordPress Plugin 2 days, 10 hours ago | www.wordfence.com
bounty bug bug bounty deletion +16
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024) 6 days, 10 hours ago | www.wordfence.com
april bounty bug bug bounty +17
$493 Bounty Awarded for Arbitrary Options Update Vulnerability Patched in WP Datepicker WordPress Plugin 1 week, 1 day ago | www.wordfence.com
april bounty bug bug bounty +16
$2,063 Bounty Awarded for Privilege Escalation Vulnerability Patched in User Registration WordPress Plugin 1 week, 5 days ago | www.wordfence.com
bounty bug bug bounty disclosure +18
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 8, 2024 to April 14, 2024) 1 week, 6 days ago | www.wordfence.com
april bounty bug bug bounty +17
$400 Bounty Awarded for SQL Injection Vulnerability Patched in WP Activity Log Premium WordPress Plugin 2 weeks ago | www.wordfence.com
activity log bounty bug bug bounty +21
$1,250 Bounty Awarded for Unauthenticated SQL Injection Vulnerability Patched in Email Subscribers by Icegram Express … 2 weeks, 2 days ago | www.wordfence.com
bounty bug bug bounty can +19
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 1, 2024 to April 7, 2024) 2 weeks, 6 days ago | www.wordfence.com
april bounty bug bug bounty +17
Unauthenticated Stored Cross-Site Scripting Vulnerability Patched in WordPress Core 3 weeks ago | www.wordfence.com
april block bug cross-site +13

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Security Engineer II- Full stack Java with React

@ JPMorgan Chase & Co. | Hyderabad, Telangana, India
View on infosec-jobs.com

Cybersecurity SecOps

@ GFT Technologies | Mexico City, MX, 11850
View on infosec-jobs.com

Senior Information Security Advisor

@ Sun Life | Sun Life Toronto One York
View on infosec-jobs.com

Contract Special Security Officer (CSSO) - Top Secret Clearance

@ SpaceX | Hawthorne, CA
View on infosec-jobs.com

Early Career Cyber Security Operations Center (SOC) Analyst

@ State Street | Quincy, Massachusetts
View on infosec-jobs.com
View more jobs