## https://sploitus.com/exploit?id=WPEX-ID:BEDDA2A9-6C52-478E-B17A-7A4488419334
Install the plugin and configure any mailer other than Default.
Access the wp-admin area with a Subscriber+ user and monitor the traffic using your preferable tool.
Look for var yaySmtpWpData = in the HTTP Response and you'll find all the leaked credentials.