Which versions of the plugin are affected?
Version 1.3.9 is the version affected by the vulnerability. The new “export/import” feature that was added in that version caused the issue.
What to do to fix the issue?
Update the Easy WP SMTP plugin to the latest version (which is 18.104.22.168 at the moment); it has this vulnerability fixed. Change your WP administrator and your SMTP email passwords.
What to do if my site was hacked?
The best way would be to restore a backup copy of your website that was made prior to the hack. Once that is done, make sure you upgrade all plugins to the latest versions, including Easy WP SMTP. Then change your WP administrator and your SMTP email passwords.
If you don’t have a backup copy, please read below.
How to clean my website of malicious stuff potentially left by hackers?
If you don’t have a backup copy of your website which was made prior to the hack, then this is what you should do:
- Change your WP administrator and SMTP email passwords;
- Go to WP Dashboard -> Users and look for suspicious users with an administrative role (Administrator, Editor, etc.) that were not created by you. Deactivate or delete them;
- Install WordFence, All In One WP Security & Firewall, or a similar security plugin and run a scan of your website for changed files;
- Make sure your website is backed up automatically on a schedule; there are plugins that allow you to do so.
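The user review in the steps above can also be done against an exported user list. The following is an added example, not code from the plugin or its authors: it assumes a CSV produced by WP-CLI (`wp user list --fields=ID,user_login,user_email,user_registered,roles --format=csv`), and the sample rows, the allowlist and the install date are constructed for illustration.

```python
import csv
import io
from datetime import datetime

# Roles the steps above name as administrative.
PRIVILEGED_ROLES = {"administrator", "editor"}

# Constructed sample export; real data would come from the WP-CLI command above.
SAMPLE_EXPORT = """ID,user_login,user_email,user_registered,roles
1,siteowner,owner@example.com,2017-05-02 09:14:11,administrator
2,jane,jane@example.com,2018-01-20 16:40:03,editor
3,bob,bob@example.com,2018-11-08 11:02:57,subscriber
4,wpsupport2,wpsupport2@example.net,2019-03-17 03:21:45,administrator
5,newwriter,newwriter@example.com,2019-03-18 10:05:00,"author,editor"
"""


def find_suspicious_users(export_csv, known_logins, installed_on):
    """Flag privileged accounts that need a manual look.

    known_logins: logins you created yourself (assumed allowlist).
    installed_on: when plugin version 1.3.9 was installed on this site
                  (assumption: you know this from your own update history).
    """
    flagged = []
    for row in csv.DictReader(io.StringIO(export_csv)):
        # A user can hold several roles, separated by commas.
        roles = {r.strip().lower() for r in row["roles"].split(",") if r.strip()}
        privileged = sorted(roles & PRIVILEGED_ROLES)
        if not privileged:
            continue
        reasons = []
        if row["user_login"] not in known_logins:
            reasons.append("not in allowlist")
        registered = datetime.strptime(row["user_registered"], "%Y-%m-%d %H:%M:%S")
        if registered >= installed_on:
            reasons.append("registered after 1.3.9 was installed")
        if reasons:
            flagged.append({"id": int(row["ID"]), "login": row["user_login"],
                            "roles": privileged, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    known = {"siteowner", "jane", "newwriter"}
    for user in find_suspicious_users(SAMPLE_EXPORT, known, datetime(2019, 3, 1)):
        print(user["id"], user["login"], user["roles"], "; ".join(user["reasons"]))
```

An allowlisted account that still shows up (such as `newwriter` in the sample) only means its registration date falls in the exposure window, so confirm it by hand before deleting anything.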
Also please read the following resources: