The WordPress Easy WP SMTP Plugin installed on the remote host is affected by an object injection vulnerability due to a failure to properly sanitize user-supplied input to the 'swpsmtp_import_settings_file' parameter of the 'wp-admin/admin-ajax.php' script. An unauthenticated, remote attacker can
leverage this issue to escalate privileges and execute arbitrary code on the affected host.

 Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

The Easy WP SMTP Plugin for WordPress running on the remote web server is version 1.3.9. It is, therefore, affected by an unauthenticated remote code execution vulnerability.

The WordPress application running on the remote host has plugins installed.

ID	Name	Product	Family	Published	Updated	Severity
98529	Easy WP SMTP Plugin for WordPress 1.3.9 Remote Code Execution	Web Application Scanning	Component Vulnerability	2019/04/08	2019/04/10	critical
123004	Easy WP SMTP Plugin for WordPress 1.3.9 Unauthenticated Remote Code Execution	Nessus	CGI abuses	2019/03/22	2019/03/22	critical
101842	WordPress Plugin Detection	Nessus	CGI abuses	2017/07/20	2019/09/11	info

Plugins Search