CSO Online

WordPress plugin hole enables account takeover

What makes this now-patched plugin hole especially dangerous is the lack of authentication needed for an attack, which can ...
IEEE

Username-Password Models Beyond Traditional Password Guessability Assessment

Abstract: Passwords are widely used for website authentication, but they are vulnerable to guessing attacks. To measure password guessability, the commonly used approach involves modeling the ...
SecurityWeek

Exploited ‘Post SMTP’ Plugin Flaw Exposes WordPress Sites to Takeover

Many websites exposed to account takeover due to a critical vulnerability in the email delivery WordPress plugin Post SMTP.
Dark Reading

Critical Site Takeover Flaw Affects 400K WordPress Sites

Attackers are already targeting a vulnerability in the Post SMTP plug-in that allows them to fully compromise an account and ...

Hackers exploit WordPress plugin Post SMTP to hijack admin accounts

Threat actors are actively exploiting a critical vulnerability in the Post SMTP plugin installed on more than 400,000 ...

Attacks observed: Vulnerability in WordPress Post SMTP plug-in allows takeover

Attacks are targeting a security vulnerability in the WordPress plug-in Post SMTP. It allows unauthenticated attackers to ...
GitHub

Cannot use SMTP server without authentication?

I am using following settings (redacted my domain): smtp_host smtp.example.com smtp_port 25 root_email [email protected] smtp_from_email [email protected] encrypted_smtp_password NULL (or not ...
GitHub

[BUG] Content filter blocking legitimate SMTP credentials and configuration

The content filter is repeatedly blocking legitimate DevOps work, making automation impossible. Every attempt to handle credentials, configuration files, or even read my own created files triggers ...