Vulnerable Plugin Leaves Over 150,000 WordPress Websites Exposed to Takeovers

Researchers discovered two new vulnerabilities affecting a popular WordPress plugin that could let attackers take over impacted websites completely. The flaws affect the POST SMTP Mailer WordPress plugin, a widely used email delivery tool installed on some 300,000 websites. According to Wordfence security researchers Sean Murphy and Ulysses Saicha, who made the discovery, the shortcoming could let threat actors reset the mailer’s authentication API key and view logs, including password reset e