Two common WordPress plugins have been exploited

You have probably heard of Easy WP SMTP and Social Warfare and may even be using them. There were exploits found in each plugin which allowed hackers to compromise websites by creating administrative accounts and redirecting traffic. Updates for each plugin have been released; version 1.3.9.1 of Easy WP SMTP and 3.5.3 of Social Warfare.

If you are using either or both plugins, please make sure to either disable the plugin or update it to at least the version(s) mentioned above. You will then want to check your site for additional administrative users that may have been created and remove them. If you find extra administrative users you did not create or your site is redirecting unexpectedly, please let us know and we’ll take a look!

If you are redirected from your site to a page that looks like warnings, errors, or other messages from your Operating System, do not click any of the links and exit the page.

More information about the exploit can be found at:

https://arstechnica.com/information-technology/2019/03/two-serious-wordpress-plugin-vulnerabilities-are-being-exploited-in-the-wild/

As always, please do not hesitate to reach out if you have any questions, especially when site vulnerabilities are involved!