Hackers exploit WordPress plugin Post SMTP to hijack admin accounts
From BleepingComputer to All on Tue Nov 4 16:51:50 2025
Threat actors are actively exploiting a critical vulnerability in the Post SMTP plugin installed on more than 400,000 WordPress sites, to take complete control by hijacking administrator accounts. [...]