9 matches found

Nuclei
added yesterday, 27 views

Gravity SMTP WordPress Plugin - Sensitive Information Exposure

Gravity SMTP WordPress plugin <= 2.1.4 contains a sensitive information exposure caused by an unrestricted REST API endpoint at /wp-json/gravitysmtp/v1/tests/mock-data, letting unauthenticated attackers retrieve detailed system configuration data. Exploitation requires no authentication. id:...

CVSS 7.5, AI score 6.1, EPSS 0.39704
Exploits 2, References 3

Patchstack
added 2026/04/13 10:29 a.m., 5 views

WordPress Gravity SMTP plugin <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Plugin Uninstall vulnerability

Missing Authorization to Authenticated Subscriber+ Plugin Uninstall vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Gravity SMTP versions <= 2.1.4...

CVSS 7.1, AI score 5.8, EPSS 0.00251
Exploits 0, References 1, Affected Software 1

EUVD
added 2026/04/10 12:31 p.m., 3 views

EUVD-2026-21356

The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access a...

CVSS 7.1, AI score 5.8, EPSS 0.00251
Exploits 0, References 3

ATTACKERKB
added 2026/04/10 9:25 a.m., 2 views

CVE-2026-4162

The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access a...

CVSS 7.1, AI score 5.8, EPSS 0.00251
Exploits 0, References 3

Patchstack
added 2026/03/31 7:2 a.m., 8 views

WordPress Gravity SMTP plugin <= 2.1.4 - Unauthenticated Sensitive Information Exposure via REST API vulnerability

Unauthenticated Sensitive Information Exposure via REST API vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Gravity SMTP versions <= 2.1.4...

CVSS 7.5, AI score 5.9, EPSS 0.39704
Exploits 2, References 1, Affected Software 1

EUVD
added 2026/03/31 3:31 a.m., 4 views

EUVD-2026-17277

The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4. This is due to a REST API endpoint registered at /wp-json/gravitysmtp/v1/tests/mock-data with a permission_callback that unconditionally returns true, allowing any...

CVSS 7.5, AI score 5.9, EPSS 0.39704
Exploits 2, References 8

ATTACKERKB
added 2026/03/31 1:24 a.m., 2 views

CVE-2026-4020

The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4. This is due to a REST API endpoint registered at /wp-json/gravitysmtp/v1/tests/mock-data with a permission_callback that unconditionally returns true, allowing any...

CVSS 7.5, AI score 5.9, EPSS 0.39704
Exploits 2, References 8

Positive Technologies
added 2026/03/31 12:0 a.m., 10 views

PT-2026-29181

Name of the Vulnerable Software and Affected Versions: Gravity SMTP versions prior to 2.1.5
Description: A sensitive information exposure issue exists in the Gravity SMTP plugin for WordPress, affecting approximately 100,000 sites. The flaw is caused by a REST API endpoint registered at...

CVSS 7.5, AI score 6, EPSS 0.39704
Exploits 2, References 57

VulnCheck KEV
added 2026/03/31 12:0 a.m., 30 views

VulnCheck KEV: CVE-2026-4020

The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4. This is due to a REST API endpoint registered at /wp-json/gravitysmtp/v1/tests/mock-data with a permission_callback that unconditionally returns true, allowing any...

CVSS 7.5, AI score 5.8, EPSS 0.39704
In wild, Exploits 2, References 8