securityonline.info 6/17/2026, 8:12:13 PM · external

Critical flaw in Gravity SMTP (CVE-2026-4020) exposes API keys

CyberSIXT Evidence Panel
Primary source: wordfence.com
CISA KEV: Not in KEV
Patch: Patch status unknown

The page discusses a critical vulnerability in the Gravity SMTP plugin, tracked as CVE-2026-4020, which currently has a CVSS score of 7.5. The vulnerability allows unauthenticated attackers to access sensitive information via a flawed REST API endpoint. Over 17 million exploitation attempts against this flaw have already been blocked.

The page details the risks associated with the exposure of sensitive data, including live API credentials, and urges WordPress site administrators to update to version 2.1.5 of the plugin immediately to mitigate risks. It highlights the urgent need to rotate credentials for all affected services and to monitor server logs for suspicious activity. The security threat is ongoing, with a significant spike in exploitation attempts observed recently.


Article by CyberSIXT