A critical flaw in the popular Post SMTP WordPress plugin allows low-privileged users to access email logs and hijack administrator accounts. With over half of installations still unpatched, this exposes widespread risks in third-party plugin security and update practices.