Finsand

**Name of the Vulnerable Software and Affected Versions** The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin versions prior to 2.3.1 **Description** The plugin is vulnerable to information exposure due to providing the SMTP password in the SMTP Password field when viewing the settings. This allows authenticated attackers with administrative-level access and above to view the SMTP password for the supplied server. Although this information may not be useful to attackers in most cases, it could be valuable if an administrator account becomes compromised in a limited environment. **Recommendations** For versions prior to 2.3.1, update to version 2.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the SMTP Password field to minimize the risk of exploitation.