WordPress Easy WP SMTP zero-day potentially exposes hundreds of thousands of sites to hack
The zero-day vulnerability affects WP SMTP 1.4.2 and earlier versions, it resides in a feature that creates debug logs for all emails sent by the site and store them in the installation folder.