Description
WordPress Plugin POST SMTP Mailer-Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress is prone to a server-side request forgery vulnerability. An attacker may leverage this issue to make the vulnerable server perform port scanning of hosts in internal or external networks; other attacks are also possible. WordPress Plugin POST SMTP Mailer-Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress version 2.1.6 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.1.7 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:DC99AC40-646A-4F8E-B2B9-DC55D6D4C55C
https://plugins.svn.wordpress.org/post-smtp/trunk/readme.txt
Related Vulnerabilities
Internet Information Services Uncontrolled Resource Consumption Vulnerability (CVE-2009-2521)
Joomla Improper Input Validation Vulnerability (CVE-2006-4468)
WordPress Plugin Download Monitor Unspecified Vulnerability (1.9.6)
Dolphin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-3167)