Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data
Vulnerable WordPress plugin iterations leak API keys, secrets, tokens, server information, and other data. The post Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data appeared first on SecurityWeek .
AI Analysis
Technical Summary
The Gravity SMTP WordPress plugin versions before 2.1.5 contain a sensitive information exposure vulnerability (CVE-2026-4020) with a CVSS score of 5.3. The vulnerability exists because a REST API endpoint in the plugin's shared configuration library does not enforce authentication or capability checks, allowing any unauthenticated user to query it. When a specific parameter is appended, the endpoint returns a JSON object containing detailed system and configuration data, including PHP and WordPress versions, loaded extensions, server details, database information, active plugins and themes, and configured API keys and tokens for third-party email services. This data leakage enables attackers to send emails on behalf of the compromised site and perform detailed reconnaissance for further exploitation. Exploitation has been observed since early May 2026, with over 17 million exploit attempts blocked by security firm Defiant. The vulnerability is actively exploited in the wild, with a surge in attacks noted in June 2026.
Potential Impact
Attackers can obtain sensitive information such as API keys, OAuth tokens, server configuration, and WordPress details without authentication. This exposure allows unauthorized sending of emails using the compromised site's credentials and facilitates detailed reconnaissance that can lead to further targeted attacks. The data leak compromises the confidentiality of critical credentials and system information, increasing the risk of account takeover, phishing, spam abuse, and subsequent exploitation of other vulnerabilities.
Mitigation Recommendations
An official fix is available in Gravity SMTP plugin version 2.1.5. Site administrators should update to this version immediately. After updating, any API keys, secrets, or OAuth tokens configured for third-party email integrations (e.g., Amazon SES, Google, Mailjet, Resend, Zoho) should be rotated to prevent misuse. Administrators should also review server access logs for requests to the vulnerable REST API endpoint to identify potential exploitation attempts. No other mitigation is indicated by the vendor advisory.
Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data
Description
Vulnerable WordPress plugin iterations leak API keys, secrets, tokens, server information, and other data. The post Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data appeared first on SecurityWeek .
Affected software
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The Gravity SMTP WordPress plugin versions before 2.1.5 contain a sensitive information exposure vulnerability (CVE-2026-4020) with a CVSS score of 5.3. The vulnerability exists because a REST API endpoint in the plugin's shared configuration library does not enforce authentication or capability checks, allowing any unauthenticated user to query it. When a specific parameter is appended, the endpoint returns a JSON object containing detailed system and configuration data, including PHP and WordPress versions, loaded extensions, server details, database information, active plugins and themes, and configured API keys and tokens for third-party email services. This data leakage enables attackers to send emails on behalf of the compromised site and perform detailed reconnaissance for further exploitation. Exploitation has been observed since early May 2026, with over 17 million exploit attempts blocked by security firm Defiant. The vulnerability is actively exploited in the wild, with a surge in attacks noted in June 2026.
Potential Impact
Attackers can obtain sensitive information such as API keys, OAuth tokens, server configuration, and WordPress details without authentication. This exposure allows unauthorized sending of emails using the compromised site's credentials and facilitates detailed reconnaissance that can lead to further targeted attacks. The data leak compromises the confidentiality of critical credentials and system information, increasing the risk of account takeover, phishing, spam abuse, and subsequent exploitation of other vulnerabilities.
Mitigation Recommendations
An official fix is available in Gravity SMTP plugin version 2.1.5. Site administrators should update to this version immediately. After updating, any API keys, secrets, or OAuth tokens configured for third-party email integrations (e.g., Amazon SES, Google, Mailjet, Resend, Zoho) should be rotated to prevent misuse. Administrators should also review server access logs for requests to the vulnerable REST API endpoint to identify potential exploitation attempts. No other mitigation is indicated by the vendor advisory.
Technical Details
- Article Source
- {"url":"https://www.securityweek.com/attackers-exploit-gravity-smtp-plugin-flaw-to-harvest-valuable-wordpress-data/","fetched":true,"fetchedAt":"2026-06-22T11:54:13.492Z","wordCount":1083}
Threat ID: 6a392265eed863c81ebdc26e
Added to database: 06/22/2026, 11:54:13 UTC
Last enriched: 06/22/2026, 11:54:21 UTC
Last updated: 06/22/2026, 20:58:55 UTC
Views: 45
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.