CVE-2026-4020 Scanner

The Gravity SMTP WordPress Plugin is commonly used on WordPress websites to configure SMTP settings for email delivery, ensuring reliable email communication. It is widely utilized by website administrators and developers to enhance email delivery reliability and security. It integrates seamlessly with existing WordPress installations, allowing users to set up and manage their SMTP configurations. This plugin is essential for WordPress sites relying on transactional and notification emails, providing better deliverability compared to built-in PHP mail functions. It supports various SMTP services allowing site owners to select their preferred email delivery method. Overall, the plugin plays a crucial role in the email management infrastructure of WordPress sites.

The Information Disclosure vulnerability in the Gravity SMTP WordPress Plugin manifests through an unrestricted REST API endpoint. This unprotected endpoint allows unauthenticated attackers to retrieve sensitive information. The vulnerability can expose detailed system configuration data, potentially leading to more severe exploits. As it affects versions up to and including 2.1.4, it is imperative to address this issue to maintain system integrity. The specifics of this vulnerability underline the importance of configuring secure REST API access permissions. Consequently, developers and admins must be vigilant in applying patches promptly.

Technical details highlight a REST API endpoint, '/wp-json/gravitysmtp/v1/tests/mock-data', which lacks proper access controls. This vulnerability is exploited by sending a GET request to the endpoint, returning JSON-formatted data. The response contains confidential configuration details like 'gravitysmtp_admin_config', 'system_report_clipboard', and 'feature_flags'. A successful attack requires no authenticated session and depends solely on accessible endpoints on the victim's server. Responses with 200 status codes signify vulnerability presence, further evidenced by specific keywords within the body part of HTTP responses.

If exploited, attackers could perform reconnaissance to gather sensitive information vital for orchestrating subsequent attacks, increasing potential system security compromises. Information potentially exposed includes admin configurations, contributing to vulnerabilities like privilege escalation. Worse case scenarios involve attackers leveraging the gathered configuration details to infiltrate or disrupt other connected systems. System integrity becomes at risk through information leakage. Thus, protecting this data from falling into malicious hands ensures a holistic defense against sophisticated multiphase attacks.

REFERENCES

• https://patchstack.com/database/vulnerability/wordpress-gravity-smtp-plugin-2-1-4-unauthenticated-sensitive-information-exposure-via-rest-api-vulnerability
• https://www.wordfence.com/threat-intel/vulnerabilities/id/12a296db-ecc0-409b-8718-0c208504053a?source=cve
• https://nvd.nist.gov/vuln/detail/CVE-2026-4020