Vulnerability in Gravity SMTP WordPress Plugin Targeted by Hackers

BleepingComputer · 2026-06-19 · security

Hackers are taking advantage of an unauthenticated information disclosure vulnerability found in the Gravity SMTP plugin for WordPress. This plugin is active on approximately 100,000 websites, making it a significant target for threat actors looking to exploit the flaw.

The vulnerability allows attackers to access sensitive information without needing authentication, which raises concerns about the security of the affected sites. Website administrators using this plugin are advised to take immediate action to mitigate potential risks and protect their systems from exploitation.

Why it matters for certification candidates

This news highlights the importance of cybersecurity awareness for those pursuing IT certifications, especially in tracks like CompTIA Security+ and Certified Ethical Hacker (CEH). Understanding vulnerabilities and their implications is crucial for maintaining secure systems.

Original reporting: BleepingComputer