Hackers Exploit Vulnerability in Gravity SMTP Plugin for WordPress
Photo: BleepingComputer
Quick answer
Hackers are exploiting a critical vulnerability in the Gravity SMTP WordPress plugin, enabling unauthorized data theft. The flaw affects over 100,000 sites.
Cybercriminals are actively exploiting a critical vulnerability in the popular Gravity SMTP plugin for WordPress, which is used to configure email delivery via SMTP. The issue affects over 100,000 websites running the vulnerable version of the plugin.
The flaw allows attackers to access sensitive information without authentication. In particular, SMTP server data—including login credentials and passwords—as well as other plugin settings are at risk. Cybersecurity experts report that attacks are already being observed in real-world conditions.
Gravity SMTP developers have promptly released a patch to address the vulnerability. Website administrators are strongly advised to update the plugin to the latest version. Experts also recommend conducting a security audit and reviewing logs for suspicious activity to minimize the risk of data compromise.
Common questions
- What vulnerability has been discovered in Gravity SMTP?
- This is an information disclosure vulnerability that allows attackers to access sensitive data without authentication. It affects the WordPress plugin used for SMTP email delivery management.
- How can I protect against attacks on Gravity SMTP?
- Update the plugin to the latest version released by the developers. Also, check server logs for suspicious activity and enhance security monitoring.
- What data could be stolen due to this vulnerability?
- Attackers may gain access to plugin configuration data, including SMTP login credentials and passwords, as well as other sensitive server information.
Dzen feed: /feed/dzen.xml · RSS: /feed.xml