Sensitive Information Exposure in Gravity SMTP Plugin for WordPress
CVE-2026-4020
What is CVE-2026-4020?
The Gravity SMTP plugin for WordPress contains a vulnerability that allows unauthenticated visitors to access sensitive system configuration data through a REST API endpoint. Specifically, the endpoint at /wp-json/gravitysmtp/v1/tests/mock-data can be exploited due to a permission callback that always returns true. By appending the ?page=gravitysmtp-settings query parameter, attackers can retrieve approximately 365 KB of JSON data, revealing critical information such as the PHP version, loaded extensions, web server version, document root, database server details, active plugins, active theme, WordPress configuration, database table names, and any API keys or tokens configured within the plugin. This exposure can significantly increase the risk of targeted attacks on affected systems.
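The root cause named above is a REST route whose permission callback unconditionally returns true. The following is an added illustration, not the plugin's own code, of that registration pattern in the WordPress REST API beside a restricted version of the same route. The namespace `gravitysmtp/v1` and the route `/tests/mock-data` are the ones in the advisory; the function names, the placeholder handler body and the choice of the `manage_options` capability are assumptions made for the example.

```php
<?php
// Added example (not the plugin's code): open vs. restricted REST route.
// Namespace/route from the advisory; callback names, handler body and the
// manage_options capability are assumptions for illustration.

// Pattern the advisory describes: '__return_true' as the permission callback
// means WordPress performs no authentication or capability check at all, so
// anonymous visitors can call the handler.
function gsmtp_example_register_open_route() {
    register_rest_route( 'gravitysmtp/v1', '/tests/mock-data', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'gsmtp_example_mock_data',
        'permission_callback' => '__return_true', // anyone, logged in or not
    ) );
}

// Restricted registration: the same handler is only reachable by an
// authenticated user who holds manage_options (administrators by default).
function gsmtp_example_register_restricted_route() {
    register_rest_route( 'gravitysmtp/v1', '/tests/mock-data', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'gsmtp_example_mock_data',
        'permission_callback' => 'gsmtp_example_can_view_diagnostics',
    ) );
}

// Permission callback: return a WP_Error with a status so the REST server
// answers 401 (not logged in) or 403 (logged in but not allowed).
function gsmtp_example_can_view_diagnostics( WP_REST_Request $request ) {
    if ( ! is_user_logged_in() ) {
        return new WP_Error(
            'rest_not_logged_in',
            'You must be logged in to view diagnostics.',
            array( 'status' => 401 )
        );
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        return new WP_Error(
            'rest_forbidden',
            'You are not allowed to view diagnostics.',
            array( 'status' => 403 )
        );
    }
    return true;
}

// Placeholder handler: the real endpoint returned a diagnostic dump; this
// example returns only a fixed, non-sensitive payload.
function gsmtp_example_mock_data( WP_REST_Request $request ) {
    return rest_ensure_response( array( 'ok' => true ) );
}

add_action( 'rest_api_init', 'gsmtp_example_register_restricted_route' );
```

Two points worth checking when reviewing a route like this: WordPress treats a cookie-authenticated REST request without a valid `X-WP-Nonce` header as logged out, so the `is_user_logged_in()` check above also holds against cross-site requests that carry the victim's cookies; and a diagnostic dump of server and configuration details, even behind an administrator check, should expose no secrets (API keys, tokens) in its response, since configuration values are the part of the leak described above that cannot be rotated away by simply closing the endpoint.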

Affected Version(s)
Gravity SMTP * <= 2.1.4