22 matches found
Gravity SMTP WordPress Plugin - Sensitive Information Exposure
Gravity SMTP WordPress plugin = 2.1.4 contains a sensitive information exposure caused by an unrestricted REST API endpoint at /wp-json/gravitysmtp/v1/tests/mock-data, letting unauthenticated attackers retrieve detailed system configuration data, exploit requires no authentication. id:...
CVE-2026-4162
The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access a...
WordPress Gravity SMTP plugin <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Plugin Uninstall vulnerability
Missing Authorization to Authenticated Subscriber+ Plugin Uninstall vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Gravity SMTP versions = 2.1.4...
EUVD-2026-21356
The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access a...
CVE-2026-4162
The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access a...
CVE-2026-4162
The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access a...
CVE-2026-4162 Gravity SMTP <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Plugin Uninstall
The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access a...
CVE-2026-4162
CVE-2026-4162 affects the Gravity SMTP WordPress plugin up to and including version 2.1.4 . The issue is Missing Authorization where an authenticated user with subscriber-level access (or higher) can uninstall and deactivate the plugin and delete plugin options. The vulnerability can also be expl...
CVE-2026-4162 Gravity SMTP <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Plugin Uninstall
The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access a...
WordPress plugin Gravity SMTP 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-31907
Name of the Vulnerable Software and Affected Versions Gravity SMTP plugin for WordPress versions up to and including 2.1.4 Description The Gravity SMTP plugin for WordPress does not properly verify user authorization, allowing authenticated attackers with subscriber-level access or higher to...
CVE-2026-4020
The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4. This is due to a REST API endpoint registered at /wp-json/gravitysmtp/v1/tests/mock-data with a permissioncallback that unconditionally returns true, allowing any...
WordPress Gravity SMTP plugin <= 2.1.4 - Unauthenticated Sensitive Information Exposure via REST API vulnerability
Unauthenticated Sensitive Information Exposure via REST API vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Gravity SMTP versions = 2.1.4...
EUVD-2026-17277
The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4. This is due to a REST API endpoint registered at /wp-json/gravitysmtp/v1/tests/mock-data with a permissioncallback that unconditionally returns true, allowing any...
CVE-2026-4020
The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4. This is due to a REST API endpoint registered at /wp-json/gravitysmtp/v1/tests/mock-data with a permissioncallback that unconditionally returns true, allowing any...
CVE-2026-4020 Gravity SMTP <= 2.1.4 - Unauthenticated Sensitive Information Exposure via REST API
The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4. This is due to a REST API endpoint registered at /wp-json/gravitysmtp/v1/tests/mock-data with a permissioncallback that unconditionally returns true, allowing any...
CVE-2026-4020
Gravity SMTP for WordPress versions up to 2.1.4 exposes a REST endpoint at /wp-json/gravitysmtp/v1/tests/mock-data whose permission_callback always returns true, allowing unauthenticated access. When the ?page=gravitysmtp-settings parameter is used, register_connector_data() populates internal da...
CVE-2026-4020
The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4. This is due to a REST API endpoint registered at /wp-json/gravitysmtp/v1/tests/mock-data with a permissioncallback that unconditionally returns true, allowing any...
CVE-2026-4020 Gravity SMTP <= 2.1.4 - Unauthenticated Sensitive Information Exposure via REST API
The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4. This is due to a REST API endpoint registered at /wp-json/gravitysmtp/v1/tests/mock-data with a permissioncallback that unconditionally returns true, allowing any...
VulnCheck KEV: CVE-2026-4020
The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4. This is due to a REST API endpoint registered at /wp-json/gravitysmtp/v1/tests/mock-data with a permissioncallback that unconditionally returns true, allowing any...