Security Vulnerability in Gravity SMTP WordPress Plugin Exploited

An unauthenticated information disclosure vulnerability in the Gravity SMTP plugin for WordPress is currently being exploited by attackers. This vulnerability affects an estimated 100,000 websites that have the plugin installed. The security flaw allows threat actors to extract sensitive information without needing to authenticate. The vulnerability has been classified as CVE-2026-1234 and affects versions of the plugin released before June 15, 2026.

Security researchers have noted that attacks have increased since the vulnerability was disclosed. Attackers are using automated tools to specifically search for affected websites. Operators of websites using the Gravity SMTP plugin are urgently advised to check their installations and update to the latest version. The developers of the plugin have already released an update that addresses the security vulnerability. Users should ensure they are using version 2.0.1 or higher to protect against potential attacks.

The vulnerability allows attackers to obtain information such as SMTP server details and other configuration data. This information can be used for further attacks or to compromise email accounts. Experts warn that exploiting this vulnerability could pose a significant security risk to the affected websites. The WordPress community has responded to the threat and recommends regularly updating all plugins. Security researchers emphasize that many attacks are due to outdated software versions.

Utilizing security plugins and conducting regular security audits can help mitigate such risks. In addition to technical measures, website operators should also inform their users about the risks. Raising awareness of security issues can help users recognize suspicious activities more quickly. The combination of technical security and user education is crucial to ensuring the integrity of websites. The attacks on the Gravity SMTP plugin are part of a larger trend where attackers specifically search for vulnerabilities in widely used software.

The number of attacks on WordPress plugins has increased in recent years, underscoring the need for security updates and reviews. According to a recent study, 65% of all WordPress security incidents are attributed to outdated plugins. The developers of the Gravity SMTP plugin have announced plans to focus more on security reviews in the future. This includes regular audits and the implementation of security standards to prevent similar incidents. The community is encouraged to provide feedback and report potential security issues.

The CVE-2026-1234 vulnerability is an example of the challenges faced by the WordPress community. Given the widespread use of WordPress as a content management system, it is crucial for both developers and users to take proactive measures. The current situation highlights the importance of security awareness and regular updates. The developers released the update to address the security vulnerability on June 20, 2026. Users should ensure they have the latest version of the plugin installed to protect against potential attacks.