ShellCodeX
Tools • Events • News • Insights
ShellCodeX Intelligence Brief
HIGH Vulnerabilities

Gravity SMTP WordPress plugin leaks data without authentication, attackers abuse bug

Source headline: Hackers exploit info disclosure bug in Gravity SMTP WordPress plugin

Threat level High
Signal strength 75/100
Source confidence 1 source
Published 2 hours ago

Intelligence Summary

Attackers are actively exploiting an unauthenticated information disclosure flaw in the Gravity SMTP WordPress plugin. The issue allows exposure of sensitive data because it can be triggered without valid credentials. The plugin is deployed on a large number of WordPress sites, increasing the potential impact. Successful exploitation can reveal information that may help further compromise or targeted attacks. Site owners should check for available plugin updates and verify that their Gravity SMTP installation is patched and no longer exposed.

Recommended Action

Review affected assets, schedule urgent remediation, and monitor related indicators.

Topics

#exploitation #unauthenticated #wordpress #gravity-smtp #info-disclosure
Original reporting BleepingComputer Hackers exploit info disclosure bug in Gravity SMTP WordPress plugin
Open original source

Related Pulse Signals

View all signals
Critical · Vulnerabilities CISA warns agencies to patch actively exploited Splunk Enterprise flaws by Sunday High · Vulnerabilities Apple patches CVE-2025-20701 in Beats Studio Buds Bluetooth audio pairing Critical · Vulnerabilities Splunk Enterprise CVE-2026-20253 enables unauthenticated RCE shortly after disclosure Critical · Vulnerabilities F5 ships out-of-band updates to fix critical NGINX code execution flaws