Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys
Summary
Attackers are exploiting a vulnerability in the Gravity SMTP WordPress plugin, affecting an estimated 100,000 sites. The flaw allows unauthenticated attackers to expose sensitive API keys and other critical data.
IFF Assessment
This vulnerability allows attackers to steal sensitive information, posing a direct threat to the security of websites and their associated data.
Severity
The CVSS score of 5.3 indicates medium severity. The vulnerability is exploitable by unauthenticated attackers and results in information disclosure; because the disclosed data includes API keys, it can serve as a stepping stone to further compromise.
Defender Context
Defenders should update the Gravity SMTP plugin to the latest version immediately to close the API key exposure, and treat any API keys configured in the plugin on an unpatched site as potentially exposed, rotating them once the update is applied. This incident highlights the ongoing threat of unauthenticated information disclosure vulnerabilities in widely used WordPress plugins and underscores the need for regular security audits and prompt patching cycles.