Gravity SMTP Missing Authorization Vulnerability Allowing Uninstallation and Deactivation of the Plugin

Vulnerability

A vulnerability exists in the Gravity SMTP plugin for WordPress, in versions through 2.1.4, due to missing authorization checks. This flaw allows authenticated users with subscriber-level access and above to uninstall and deactivate the plugin, as well as delete plugin options. Additionally, this vulnerability can be exploited through Cross-Site Request Forgery (CSRF).
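The bug class described above, as an added example that is not Gravity SMTP's code: WordPress runs `wp_ajax_*` handlers for any logged-in user, so a destructive handler needs a nonce check (CSRF) and a capability check (authorization) of its own. The plugin header, action name, option name and handler functions are hypothetical, and the use of an AJAX endpoint and of the `activate_plugins` capability are assumptions, not details from the advisory.

```php
<?php
/**
 * Plugin Name: Example Mailer (hypothetical, illustrates the bug class only)
 */

// Hypothetical names; none of these come from Gravity SMTP.
const EXAMPLE_ACTION = 'example_mailer_uninstall';
const EXAMPLE_OPTION = 'example_mailer_settings';

// BEFORE: no capability check and no nonce. Hooked to wp_ajax_*, this
// body is reachable by every logged-in account, subscribers included,
// and by a forged cross-site request riding any logged-in session.
function example_mailer_uninstall_unchecked() {
    delete_option( EXAMPLE_OPTION );
    deactivate_plugins( plugin_basename( __FILE__ ) );
    wp_send_json_success();
}

// AFTER: same operation, gated on intent (nonce) and privilege (capability).
function example_mailer_uninstall_checked() {
    // CSRF: the nonce is tied to the user, the session and this action,
    // so another site cannot supply a valid one. The admin page that
    // issues the request creates it with wp_create_nonce( EXAMPLE_ACTION ).
    // $die = false makes a failed check return false instead of exiting.
    if ( ! check_ajax_referer( EXAMPLE_ACTION, 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce.' ), 403 );
    }

    // Authorization: only users allowed to manage plugins may proceed.
    if ( ! current_user_can( 'activate_plugins' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden.' ), 403 );
    }

    // wp_send_json_error() ends the request, so this point is reached
    // only when both checks have passed.
    delete_option( EXAMPLE_OPTION );
    deactivate_plugins( plugin_basename( __FILE__ ) );
    wp_send_json_success();
}

// Register only the checked handler.
add_action( 'wp_ajax_' . EXAMPLE_ACTION, 'example_mailer_uninstall_checked' );
```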

Impact

Exploitation of this vulnerability allows for the unauthorized uninstallation and deactivation of the Gravity SMTP plugin, along with the removal of its options. This could disrupt email delivery services managed by the plugin, potentially leading to missed communications or delivery failures.

Remediation

Users are advised to update the Gravity SMTP plugin to version 2.1.5 or a newer patched version.

Added: Apr 10, 2026, 11:59 AM
Updated: Apr 10, 2026, 11:59 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.3
exploitability: 5.2
remediation: 0.0
relevance: 5.6
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.