Plugin That is Part of Patchstack’s Vulnerability Disclosure Program (VDP) Still Contains Publicly Disclosed SQL Injection Issue

via pluginvulnerabilities.com => original post link

Often when we review claims about vulnerabilities in WordPress plugins, we find that the issues have only been partially addressed. That is the case with a vulnerability in the plugin POST SMTP, which has 300,000+ installs. The plugin vulnerability data provider WPScan released a rather vague report about a vulnerability in that plugin in June. The report lacks a lot of information, like what the vulnerable code is or how it was fixed. It does contain this note:

Note: The AJAX actions are also affected by SQL injections, making the issue easier to exploit by being able to choose which email to resend, for example the latest email related to a password reset