Zero-day in WordPress SMTP plugin abused to reset admin account passwords
Cybercriminals are resetting passwords for admin accounts on WordPress sites using a zero-day vulnerability in a popular WordPress plugin installed on more than 500,000 sites.