WordPress Plugin Flaw Puts Business Email and Payment Systems at Risk
A popular WordPress plugin is actively leaking API keys and credentials that control business email and payment processing. Here's what small business owners need to know.
Source
GetCyberRight Intelligence
Original headline: WordPress Plugin Actively Leaking API Keys
Plain-English summary by GetCyberRight. Read the full report at the source above.
What Happened
Cybercriminals are actively exploiting a security flaw in Gravity SMTP, a popular WordPress plugin used by thousands of small businesses to send emails from their websites. The vulnerability allows attackers to steal API keys and server credentials that control email systems, payment processors, and other critical business services. This is happening right now, and affected businesses may not realize their credentials have been compromised.
The Details
Gravity SMTP helps WordPress websites send emails reliably through services like Gmail, SendGrid, Mailgun, and others. To work properly, the plugin stores sensitive credentials and API keys that essentially act like master passwords for these services.
The vulnerability allows unauthorized people to access these stored credentials without needing to log into your WordPress dashboard. Think of it like leaving a spare key under your doormat, except you didn't know the doormat was there. Attackers are scanning the internet specifically looking for websites running vulnerable versions of this plugin.
Once attackers have your API keys, they can send emails that appear to come from your business, access customer communications, or even manipulate payment processing systems depending on which services you use. They can also use your email sending capacity for spam or phishing attacks, which could get your domain blacklisted and damage your business reputation.
Who Is Affected
This primarily impacts small business owners, online store operators, and anyone running a WordPress website that uses Gravity SMTP for email functionality. If you run a WordPress site and aren't sure whether you use this plugin, you need to check immediately.
Web developers and marketing agencies managing client websites should also take immediate action. You may be responsible for multiple sites using this vulnerable plugin, multiplying your exposure and responsibility to clients.
What You Should Do Right Now
Log into your WordPress dashboard and go to Plugins. Look for "Gravity SMTP" in your installed plugins list. If you see it, check the version number and update to the latest version immediately.
Reset all API keys and credentials you've entered into Gravity SMTP. This includes keys for SendGrid, Mailgun, Gmail SMTP, Amazon SES, or any other email service you connected. You'll need to generate new keys from each service's dashboard.
Review your email sending logs for the past 30 days through your email service provider (SendGrid, Mailgun, etc.). Look for unusual sending patterns, emails you didn't authorize, or spikes in volume.
Check your WordPress user accounts for any unfamiliar administrators or users. Attackers sometimes create backup access points while they have entry to your system.
Contact your web developer or hosting provider if you're unsure how to complete these steps. This situation requires immediate attention, not a wait-and-see approach.
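One way to do the log review step above in code, as an added example that is not part of the original article or of the Gravity SMTP plugin: it reads a constructed sending-activity export (the line format, addresses and the list of known senders are assumptions, not any provider's real export) and flags sender addresses the business never configured and hours whose volume is far above the site's usual rate.

```python
from collections import Counter
from statistics import median

# Constructed sample of email-provider activity records (not any provider's real
# export format): one "timestamp sender recipient subject" line per sent message.
SAMPLE_LOG = """\
2024-05-01T09:12:00 orders@example-shop.test alice@customer.test Your order #1001
2024-05-01T10:40:00 orders@example-shop.test bob@customer.test Your order #1002
2024-05-02T09:05:00 orders@example-shop.test carol@customer.test Your order #1003
2024-05-02T14:30:00 support@example-shop.test dave@customer.test Re: refund request
2024-05-03T03:01:00 billing@example-shop.test u1@victim.test Urgent: verify your account
2024-05-03T03:01:05 billing@example-shop.test u2@victim.test Urgent: verify your account
2024-05-03T03:01:10 billing@example-shop.test u3@victim.test Urgent: verify your account
2024-05-03T03:01:15 billing@example-shop.test u4@victim.test Urgent: verify your account
2024-05-03T03:01:20 billing@example-shop.test u5@victim.test Urgent: verify your account
2024-05-03T03:01:25 billing@example-shop.test u6@victim.test Urgent: verify your account
"""

# Sender addresses the business actually configured in the plugin (assumed list).
KNOWN_SENDERS = {"orders@example-shop.test", "support@example-shop.test"}


def parse_log(text):
    """Split each line into (hour_bucket, sender, recipient, subject)."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, sender, recipient, subject = line.split(" ", 3)
        records.append((ts[:13], sender, recipient, subject))  # YYYY-MM-DDTHH
    return records


def review_sending_log(records, known_senders, spike_factor=5):
    """Flag senders the business never configured, and hours whose message count
    exceeds spike_factor times the median hourly volume seen in the export."""
    per_hour = Counter(r[0] for r in records)
    baseline = median(per_hour.values())
    spikes = sorted((h, n) for h, n in per_hour.items() if n > spike_factor * baseline)
    unknown = sorted({r[1] for r in records} - known_senders)
    return {"baseline_per_hour": baseline, "spike_hours": spikes, "unknown_senders": unknown}


if __name__ == "__main__":
    print(review_sending_log(parse_log(SAMPLE_LOG), KNOWN_SENDERS))
```

Anything in `unknown_senders` or `spike_hours` is a reason to rotate the keys immediately rather than wait for the provider to complain.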
The Bigger Picture
WordPress powers over 40% of all websites, making plugins like Gravity SMTP attractive targets for attackers. When a single vulnerability affects thousands of sites simultaneously, cybercriminals move quickly to exploit as many as possible before patches are applied. This incident reminds us that website security isn't just about strong passwords. The tools and plugins we rely on daily can become unexpected weak points. Staying informed about emerging threats helps you respond quickly before criminals can cause damage.
How GetCyberRight Can Help
Our Cyber Threat Radar tool tracks emerging vulnerabilities and active exploits affecting WordPress and web infrastructure in real time. Instead of learning about threats days or weeks after they emerge, you'll get timely alerts about risks that actually affect the platforms you use. For small business owners managing websites alongside everything else, this early warning system helps you stay ahead of attackers without becoming a security expert yourself.
Curated from trusted cybersecurity sources by GetCyberRight