Attackers are already targeting a vulnerability in the Post SMTP plugin that allows them to fully compromise an account and website for nefarious purposes.
First seen on darkreading.com
Jump to article: www.darkreading.com/vulnerabilities-threats/critical-site-takeover-flaw-400k-wordpress-sites
