It has been reported that a zero-day WordPress plugin has been exploited in the wild by at least two hacker groups. The vulnerability can be used to change site settings, create admin accounts to use as backdoors and then hijack traffic from the hacked sites.
Satnam Narang, Senior Research Engineer at Tenable:
“According to Web Technology Surveys (w3techs), WordPress has a market share that’s larger than all other content management systems (CMS) combined, as it is used by one third of all websites. Because of its sheer dominance in the CMS space along with the presence of many WordPress plugins, WordPress sites are a ripe target for cybercriminals. In this case, the Easy WP SMTP plugin has over 300,000 active installations and despite the availability of a patch for it, there are reports that attackers continue to target sites running the vulnerable plugin. The vulnerability exists in version 1.3.9 of the plugin, so users running older versions of the plugin are not vulnerable. However, all users, especially those using 1.3.9, should update to the latest version of the plugin, 126.96.36.199 as soon as possible.”