Threat actors are actively exploiting an unauthenticated information disclosure vulnerability in the **Gravity SMTP** WordPress plugin, which is installed on approximately 100,000 sites, according to