PDF Resume Parser WordPress Plugin Sensitive Information Exposure Vulnerability
Vulnerability
A vulnerability allowing sensitive information exposure has been identified in the PDF Resume Parser plugin for WordPress, affecting all versions through 1.0. The issue arises from the plugin's AJAX action handler, which is accessible to unauthenticated users. This handler exposes SMTP configuration data, including credentials, from the WordPress configuration. As a result, unauthenticated attackers can extract sensitive SMTP credentials (username and password), potentially compromising email accounts and gaining unauthorized access to other systems using the same credentials.
Impact
Exploitation of this vulnerability allows unauthenticated users to access sensitive SMTP credentials from the WordPress configuration, which could be used to compromise email accounts and possibly gain unauthorized access to other systems using the same credentials.
Reproduction
The vulnerability can be reproduced by sending a request to the WordPress site's admin-ajax.php file, targeting the 'pdfrp_get_smtp_settings' action. This request can be made without authentication, and it will return the SMTP settings, including the username and password, if the PDF Resume Parser plugin is installed and active.
Remediation
No known patch is available. It is recommended to uninstall the affected plugin and find a replacement.
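A log check a site owner can run after removing the plugin, as an added example that is not part of the original advisory: it scans web server access logs for requests to admin-ajax.php that name the pdfrp_get_smtp_settings action. It assumes Combined Log Format; the sample lines and the helper names (find_hits, served) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

ACTION = "pdfrp_get_smtp_settings"  # action name given in the advisory

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2025:10:01:02 +0000] "GET /wp-admin/admin-ajax.php?action=pdfrp_get_smtp_settings HTTP/1.1" 200 312
203.0.113.9 - - [12/Mar/2025:10:02:10 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58
198.51.100.7 - - [12/Mar/2025:10:03:44 +0000] "GET /wp-admin/admin-ajax.php?x=1&action=pdfrp%5Fget%5Fsmtp%5Fsettings HTTP/1.1" 200 312
203.0.113.20 - - [12/Mar/2025:10:05:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 312
192.0.2.44 - - [12/Mar/2025:10:06:30 +0000] "GET /wp-admin/admin-ajax.php?action=pdfrp_get_smtp_settings HTTP/1.1" 403 0
"""

def find_hits(log_text):
    """Split admin-ajax.php requests into (confirmed, unknown) record lists."""
    # confirmed: the query string names ACTION (percent-encoding is decoded)
    # unknown:   POSTs carry the action in the body, which access logs omit
    confirmed, unknown = [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        rec = (m["ip"], m["time"], m["method"], int(m["status"]))
        if ACTION in parse_qs(url.query).get("action", []):
            confirmed.append(rec)
        elif m["method"] == "POST":
            unknown.append(rec)
    return confirmed, unknown

def served(hits):
    """Hits answered with a 2xx status, i.e. the request was not blocked."""
    return [h for h in hits if 200 <= h[3] < 300]

if __name__ == "__main__":
    confirmed, unknown = find_hits(SAMPLE_LOG)
    for ip, when, method, status in served(confirmed):
        print(f"possible SMTP credential disclosure: {ip} {when} {method} {status}")
    print(f"{len(unknown)} POST(s) to admin-ajax.php need body-level logs to classify")
```

Any confirmed hit answered with a 2xx status is a reason to rotate the SMTP password, including on other systems where it is reused.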
