WordPress plugin YaySMTP has a vulnerability that allows for Stored Cross-Site Scripting attacks through email contents. This means that attackers can inject malicious scripts into emails, potentially leading to unauthorized access or the manipulation of sensitive data. Users of this plugin should update to the latest version as soon as possible to ensure their website's security.