The changelog for the latest version of Easy WP SMTP is “Fixed potential vulnerability in import\export settings.”, which turns out to relate to multiple vulnerabilities. Looking at the changes made in that version the first thing we saw was an information disclosure vulnerability that provided anyone access to the debug log for the plugin, though that logging is not enabled by default.

…

[Read more]