Support » Plugin: WP SMTP » One of most dangerous plugins in the whole world for wordpress

  • This plugin was responsible of the largest data breaching in Mossack Fonseca’s wordpress website. wordfence states something like this. so please don’t use this plugin if you care about the security of your website.

    MF are running the WP SMTP plugin which gives you the ability to send mail from your website via a mail server. This plugin stores email server address and login information in plain text in the WordPress database. The login information stored is a mail server SMTP login for sending email. Here is a screenshot showing the login information for this plugin appearing in a database as plain text on one of our test servers:

  • The topic ‘One of most dangerous plugins in the whole world for wordpress’ is closed to new replies.