Critical Site Takeover Flaw Affects 400K WordPress Sites

Attackers are already targeting a vulnerability in the Post SMTP plugin that allows them to fully compromise an account and website for nefarious purposes.