Easy WP SMTP, a WordPress plugin for email management, has a vulnerability that could open the site up to takeover, researchers said. The plugin allows users to configure and send all outgoing emails via a SMTP server. It is located inside the plugin s installation folder, /WP-content/plugins/easy-WP-smtp/ . Researchers at GBHackers said the plugin’s debug log is where the plugin writes all email messages (headers and body) sent by the website.
Source: https://threatpost.com/easy-wp-smtp-security-bug/162301/