CVE-2019-25141

Name of the Vulnerable Software and Affected Versions Easy WP SMTP plugin for WordPress versions up to, and including, 1.3.9

Description The issue is due to missing capability checks on the admin init() function, in addition to insufficient input validation. This allows unauthenticated attackers to modify the plugin's settings and arbitrary options on the site, which can be used to inject new administrative user accounts.

Recommendations For versions up to, and including, 1.3.9, update to a version higher than 1.3.9 to resolve the issue. As a temporary workaround, consider disabling the admin init() function until a patch is available.