The Easy WP SMTP plugin has a vulnerability that will allow a hacker to create a new admin-level account on your WordPress website.
What does this mean?
It means they can do anything you can do. They can:
- Create content
- Lock you out
- Add or delete anything
- Upload malware or viruses
- Upload a backdoor to your server
- Really mess with your website in any way that they want
If you are using this plugin, you need to update it immediately. There is a patch that corrects the problem, but you must install the update to be protected.
Once you update the plugin, go to your Users area and verify that no users have been added. If any have been, delete them immediately. Also go to Settings | General and be sure the default user level is Subscriber. If it is not, change it to Subscriber. If either of these settings needed to be changed, your site is infected with something. I would get it scanned for malware and viruses and get any issues fixed.
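If you have shell access, the same two checks can be scripted. This is an added example, not part of the original post: it assumes WP-CLI is installed (its `wp user list` and `wp option get default_role` commands supply the inputs), and the admin names and sample data are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). On a live site, get the inputs with WP-CLI:
#   wp user list --role=administrator --fields=user_login,user_registered --format=csv
#   wp option get default_role

# Assumption: the administrator logins you expect on this site. Edit to match.
KNOWN_ADMINS="alice bob"

# Read the administrator CSV on stdin; print each login not in KNOWN_ADMINS.
unexpected_admins() {
  # Drop the header row and any CSV quoting around the date field.
  tail -n +2 | tr -d '"' | while IFS=, read -r login registered; do
    [ -n "$login" ] || continue
    case " $KNOWN_ADMINS " in
      *" $login "*) : ;;   # expected account, nothing to report
      *) echo "$login (registered $registered)" ;;
    esac
  done
}

# Succeed only when new registrations default to the Subscriber role.
default_role_ok() {
  [ "$1" = "subscriber" ]
}

# Run both checks; return non-zero if either one needs attention.
audit() {
  status=0
  extra=$(printf '%s\n' "$1" | unexpected_admins)
  if [ -n "$extra" ]; then
    echo "Unexpected administrator accounts:"
    echo "$extra"
    status=1
  fi
  if ! default_role_ok "$2"; then
    echo "Default role is '$2', expected 'subscriber'"
    status=1
  fi
  return "$status"
}

# Constructed sample data, standing in for the two WP-CLI outputs above.
SAMPLE_ADMINS='user_login,user_registered
alice,"2017-04-02 10:15:00"
bob,"2018-01-20 08:00:00"
wpsupport01,"2019-03-18 03:12:44"'
SAMPLE_DEFAULT_ROLE='administrator'

audit "$SAMPLE_ADMINS" "$SAMPLE_DEFAULT_ROLE" || echo "Site needs attention: follow the cleanup steps above."
```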
If you are using my Managed WordPress Hosting then this has all been done for you – you do not need to worry.