Impact
The Gravity SMTP plugin for WordPress contains a REST API endpoint at /wp-json/gravitysmtp/v1/tests/mock-data that always allows requests to succeed regardless of authentication. When the query parameter ?page=gravitysmtp-settings is included, the endpoint generates a large System Report built from internal connector data, returning approximately 365 KB of JSON. This report includes PHP version, loaded extensions, web server information, database server type and version, WordPress core and plugin versions, active theme, configuration details, database table names, and any API keys or tokens configured in the plugin, thereby exposing sensitive configuration and credential data. This flaw is classified as CWE‑200 Information Exposure.
Affected Systems
WordPress sites that have the Gravity SMTP plugin version 2.1.4 or earlier installed are impacted. The vulnerability applies to all builds distributed by RocketGenius up to and including 2.1.4.
Risk and Exploitability
The CVSS score of 7.5 classifies the vulnerability as high severity, and the EPSS score of 40% indicates a relatively high probability of exploitation. Because the endpoint is publicly reachable without any authentication, an attacker can retrieve the full system report with a simple HTTP GET request, making exploitation trivial and potentially exposing a wealth of credential and configuration information. The vulnerability is not listed in the CISA KEV catalog.
OpenCVE Enrichment