Monday, 9 October 2017

WordPress Sites Vulnerable Due to Flaw in Postman SMTP Plug-In

Over 100,000 WordPress sites are vulnerable due to a vulnerability in the Postman SMTP plug-in, and a security update from the developer is not yet available. Postman is an SMTP mailer that helps send emails generated by the WordPress site.

The plug-in is vulnerable to reflected cross-site scripting, which allows an attacker to steal the contents of cookies from, for example, the administrator, according to security company White Fir. Because the vulnerability is unpatched, WordPress decided to remove the plug-in from the database of available plug-ins. Meanwhile, GitHub has published a patched version of Postman, but it was not developed by the original author. The original developer is said to have been informed about the problem.
