Zero-day in WordPress SMTP plugin abused to reset admin account passwords | ZDNet
Cybercriminals are resetting passwords for admin accounts on WordPress sites applying a zero-working day vulnerability in a preferred WordPress plugin installed on much more than 500,000 internet sites.
