The WP Mail SMTP plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 4.0.1. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
Information Disclosure
NVD
CVSS 3.1
2.7
EPSS
0.6%