The vulnerability is in a debug log file that is exposed because of a very basic error in how the plugin maintained a folder. Plugin folders on a server that contain files that are not meant to be seen by users usually contain a blank index.html file. The purpose of that file is to keep someone from navigating to that folder and discovering a list of files within that folder.
The Easy WP SMTP Vulnerability plugin maintains what is called a changelog that documents all the changes within each update. The changelog is meant to be read so that a user can understand what an update is changing.
#wordpress #plugin #vulnerability #easy wp smtp #wordpress plugin