Description
WordPress Plugin Post SMTP-WP SMTP with Email Logs & Mobile App for Failure Alerts-Any SMTP Plus Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES, Postmark is prone to a server-side request forgery vulnerability. An attacker may leverage this issue to make the vulnerable server perform port scanning of hosts in internal or external networks; other attacks are also possible. WordPress Plugin Post SMTP-WP SMTP with Email Logs & Mobile App for Failure Alerts-Any SMTP Plus Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES, Postmark version 2.1.6 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.1.7 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:DC99AC40-646A-4F8E-B2B9-DC55D6D4C55C
https://plugins.svn.wordpress.org/post-smtp/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin Content Grabber Multiple Vulnerabilities (1.0)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-6105)
MySQL CVE-2022-21289 Vulnerability (CVE-2022-21289)
Jboss EAP Missing Authorization Vulnerability (CVE-2019-10184)
Apache Tomcat Incorrect Default Permissions Vulnerability (CVE-2020-8022)