ShellCodeX Intelligence Brief
HIGH
Vulnerabilities
Gravity SMTP WordPress plugin flaw enables leakage of API keys and tokens
Source headline: Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data
Threat level
High
Signal strength
75/100
Source confidence
1 source
Published
2 hours ago
Intelligence Summary
Attackers are abusing a vulnerability in the Gravity SMTP WordPress plugin to obtain sensitive data. Affected plugin versions can expose API keys, secrets, access tokens, and server information. Leaked credentials may allow further compromise of WordPress instances or connected services. The risk is elevated because the stolen data can be reused for authenticated access. Site owners should verify whether their Gravity SMTP plugin is vulnerable and apply the vendor’s recommended fix or mitigation.
Recommended Action
Review affected assets, schedule urgent remediation, and monitor related indicators.
Topics
Original reporting
SecurityWeek
Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data
Open original source
