Update the WordPress Easy WP SMTP plugin to the latest available version (at least 1.4.3). Attention! Please make sure you have a directory listing disabled since it could play its role in other attacks. We suggest you delete an old log file and let the plugin generate the new one with a new unique file name.
mathieg2 discovered and reported this Sensitive Data Exposure vulnerability in WordPress Easy WP SMTP Plugin. This vulnerability has been fixed in version 1.4.3.