Unauthenticated Admin Password Reset vulnerability found by mathieg2 in WordPress Easy WP SMTP plugin (versions <= 1.4.2).
Update the WordPress Easy WP SMTP plugin to the latest available version (at least 1.4.3).
Attention! Please make sure you have a directory listing disabled since it could play its role in other attacks. We suggest you delete an old log file and let the plugin generate the new one with a new unique file name.
Type Information Disclosure OWASP Top 10 A6: Sensitive Data Exposure