THREATOPS
THREAT OPSThreat News › Attackers Actively Exploiting Sensitive Information Exposure Vulnerability in Gravity SMTP Plugin

Attackers Actively Exploiting Sensitive Information Exposure Vulnerability in Gravity SMTP Plugin

medwordfencePublished 2026-06-17

<p>On March 30th, 2026, we publicly disclosed a Sensitive Information Exposure vulnerability in <a href="https://www.gravityforms.com/gravity-smtp/" rel="noopener" target="_blank">Gravity SMTP</a>, a WordPress plugin with an estimated 100,000 active installations. This vulnerability can be leveraged by unauthenticated attackers to retrieve detailed system configuration data and, critically, any AP

MITRE ATT&CK techniques

Indicators of compromise

Original source: https://www.wordfence.com/blog/2026/06/attackers-actively-exploiting-sensitive-information-exposure-vulnerability-in-gravity-smtp-plugin/