Detections
Analytics

Gravity SMTP Plugin for WordPress < 2.1.5 Sensitive Information Exposure

high Web App Scanning Plugin ID 115271

Synopsis

Gravity SMTP Plugin for WordPress < 2.1.5 Sensitive Information Exposure

Description

The WordPress Gravity SMTP Plugin installed on the remote host is affected by an unauthenticated sensitive information exposure due to a REST API endpoint registered at '/wp-json/gravitysmtp/v1/tests/mock-data' with a permission_callback that unconditionally returns true, allowing any unauthenticated visitor to access it. This makes it possible for unauthenticated attackers to retrieve detailed system configuration data including PHP version, loaded extensions, web server version, document root path, database server type and version, WordPress version, all active plugins with versions, active theme, WordPress configuration details, database table names, and any API keys/tokens configured in the plugin.

Solution

Upgrade to Gravity SMTP Plugin for WordPress 2.1.5 or later.

See Also

https://docs.gravitysmtp.com/gravity-smtp-changelog/

https://www.gravityforms.com/gravity-smtp/

Plugin Details

Severity: High

ID: 115271

Type: Check Based

Published: 6/23/2026

Updated: 6/23/2026

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: Medium

Score: 6.1

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2026-4020

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS Score Source: CVE-2026-4020

Vulnerability Information

CPE: cpe:2.3:a:pronamic:gravitysmtp:*:*:*:*:*:wordpress:*:*

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/26/2026

Vulnerability Publication Date: 3/30/2026

Reference Information

CVE: CVE-2026-4020