Rocketgenius Gravity SMTP vulnerabilities
2 known vulnerabilities affecting rocketgenius/gravity_smtp.
Total CVEs: 2
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: HIGH 2
Vulnerabilities
CVE-2026-4020 | P1 | HIGH | CVSS 7.5 | Exploited | PoC | ≤ 2.1.4 | 2026-03-31
CVE-2026-4020 [HIGH] CWE-200
The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4. This is due to a REST API endpoint registered at /wp-json/gravitysmtp/v1/tests/mock-data with a permission_callback that unconditionally returns true, allowing any unauthenticated visitor to access it. When the ?page=gravity
Source: NVD
CVE-2026-4162 | P3 | HIGH | CVSS 7.1 | ≤ 2.1.4 | 2026-04-10
CVE-2026-4162 [HIGH] CWE-862
The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to uninstall and deactivate the plugin and delete
Source: NVD