Signal

Attackers exploit Gravity SMTP WordPress plugin flaw to leak sensitive data

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-06-22 11:45 UTCUpdated 2026-06-22 14:54 UTC

rss

vulnerabilitywordpressplugindata_leaksecurity

Trend in the last 24h

Current brief openSource links open

This current signal is open on the public brief with summary, metadata, source links, and full evidence. Pro adds compare-over-time, alerts, exports, and workflow.

Back Evidence (2)Get the free brief by email Start free trial

No card needed for the free brief.

Evidence trail (top sources)

top sources (2 domains)

2 top sources shown

WordPress plugin Gravity SMTP exploited for sensitive information disclosure

SC Media · scworld.com · 2026-06-22 14:54 UTC

SecurityWeek report on Gravity SMTP plugin flaw exploitation

securityweek.com · securityweek.com · 2026-06-22 11:45 UTC

limited source diversity in top sources

View all evidence

Overview

A vulnerability in the Gravity SMTP WordPress plugin exposes an unsecured REST API endpoint that attackers are exploiting to harvest sensitive information including API keys, secrets, tokens, and server details.

Entities

Gravity SMTPWordPress

Score total

1.02

Momentum 24h

Posts

Origins

Source types

Duplicate ratio

Why now

Active exploitation of the Gravity SMTP plugin vulnerability has been observed.
The exposed REST API endpoint allows immediate unauthorized data disclosure.
Site administrators need urgent awareness to mitigate ongoing risks.

Why it matters

Exploitation leads to leakage of sensitive API keys and tokens, risking further compromise.
WordPress sites using Gravity SMTP plugin are vulnerable to unauthorized data access.
Prompt patching is critical to prevent attackers from harvesting valuable site information.

LLM analysis

Topic mix: lowPromo risk: lowSource quality: medium

Recurring claims

Gravity SMTP WordPress plugin has a vulnerability exposing sensitive data via an exposed REST API endpoint

How sources frame it

SecurityWeek: neutral
SC Media: neutral

All evidence

SecurityWeek report on Gravity SMTP plugin flaw exploitation

securityweek.com · securityweek.com · 2026-06-22 11:45 UTC

WordPress plugin Gravity SMTP exploited for sensitive information disclosure

SC Media · scworld.com · 2026-06-22 14:54 UTC

Show filters & breakdown

Posts loaded: 0Publishers: 2Origin domains: 2Duplicates: -

Platform

Publisher

Origin domain

Relevance tier

Duplicates only

Showing 2 / 0

Top publishers (this list)

securityweek.com (1)
SC Media (1)

Top origin domains (this list)

securityweek.com (1)
scworld.com (1)