Easy WP SMTP < 1.5.0 - Admin+ PHP Object Injection
Description
Easy WP SMTP plugin before 1.5.0 unserializes imported file content, allowing PHP object injection via malicious import by an admin.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
In versions before 1.5.0, the Easy WP SMTP WordPress plugin unserializes the content of an imported file without proper sanitization, leading to a PHP object injection vulnerability [1]. This code path is reachable when an administrator imports a file through the plugin's import functionality.
Exploitation
An attacker with administrative privileges (or who can trick an admin into importing a malicious file) crafts a serialized PHP object payload. The plugin unserializes the data, and if a suitable gadget chain exists in the WordPress environment, arbitrary code execution can be achieved [1]. No additional authentication or network position is required beyond admin access.
Impact
Successful exploitation allows the attacker to execute arbitrary PHP code on the server, potentially leading to full site compromise, data exfiltration, privilege escalation, or further attacks on the underlying infrastructure [1]. The impact is critical due to the possibility of remote code execution.
Mitigation
The vulnerability is fixed in version 1.5.0 of the Easy WP SMTP plugin [1]. Users should update to this version immediately. No workarounds are documented, and the plugin is not listed on the CISA Known Exploited Vulnerabilities catalog as of the publication date.
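The unserialize-on-import pattern described above, shown next to a parser that refuses to instantiate objects. This is an added example, not the plugin's code or its 1.5.0 fix; the function names, the key allowlist, the `DemoSideEffect` class and the sample data are hypothetical and constructed for illustration.

```php
<?php
// Constructed stand-in for any class with a magic method that is already loaded on the site.
final class DemoSideEffect {
    public static bool $fired = false;
    public function __wakeup(): void { self::$fired = true; }
}

// Unsafe pattern: unserialize() on uploaded bytes instantiates whatever class the file names.
function parse_import_unsafe(string $raw) {
    return unserialize($raw);
}

// Hardened pattern: no class instantiation, then strict shape checks.
function parse_import_safe(string $raw, array $allowedKeys): array {
    if (strlen($raw) > 65536) {
        throw new InvalidArgumentException('import file too large');
    }
    $data = @unserialize($raw, ['allowed_classes' => false]);
    if (!is_array($data)) {
        throw new InvalidArgumentException('import is not a settings array');
    }
    $clean = [];
    foreach ($data as $key => $value) {
        // Objects decode to __PHP_Incomplete_Class here; scalars-only rejects them and nested arrays.
        if (!in_array($key, $allowedKeys, true) || !is_scalar($value)) {
            throw new InvalidArgumentException("unexpected entry: $key");
        }
        $clean[$key] = $value;
    }
    return $clean;
}

// Constructed sample inputs (hypothetical setting names).
$allowed = ['smtp_host', 'smtp_port'];
$benign  = serialize(['smtp_host' => 'mail.example.test', 'smtp_port' => 587]);
$hostile = serialize(['smtp_host' => new DemoSideEffect()]);

parse_import_unsafe($hostile);
var_dump(DemoSideEffect::$fired);   // flag records whether __wakeup ran while parsing

DemoSideEffect::$fired = false;
try {
    parse_import_safe($hostile, $allowed);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
var_dump(DemoSideEffect::$fired);   // flag after the hardened parser handled the same bytes
print_r(parse_import_safe($benign, $allowed));
```

Exporting settings as JSON and reading them back with `json_decode()` avoids the object-instantiation path entirely, since JSON carries no class names.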
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- Range: <1.5.0
Patches (0)
No patches discovered yet.
References (1)
News mentions (0)
No linked articles in our index yet.