Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data

Por /

Popular Topics

Security Community

Stay Intouch

About SecurityWeek

News Tips

Got a confidential news tip? We want to hear from you.

Submit Tip

Advertising

Reach a large audience of enterprise cybersecurity professionals

Contact Us

Daily Briefing Newsletter

Subscribe to the SecurityWeek Daily Briefing and get the latest content delivered to your inbox.

(function () {
var SOURCE = “Footer”;
var TARGET = “#sw-hs-form-footer-3”;

function create() {
if (typeof hbspt === ‘undefined’ || !hbspt.forms) return false;
hbspt.forms.create({
portalId: “5319632”,
formId: “05a88e2a-0d52-4b0c-a0e2-fdb79a8d17e0”,
region: “na1”,
target: TARGET,
cssClass: “sw-hs-footer”,
hiddenFields: { email_signup_source: SOURCE },
onFormReady: function () {
var root = document.querySelector(TARGET);
if (!root) return;

// Namespace input ids (and any label[for] / aria-*
// refs that point to them) to make them unique per
// embed. HubSpot derives ids from the form id, so
// every embed on a page emits the same hsForm_/email-/
// label-email- ids. Duplicate input ids break the
// getElementById validation lookups that cause the
// “click Subscribe several times before it works”
// symptom (validation reads the wrong form’s empty
// input).
//
// CRITICAL: only rename inputs. Do NOT touch the
// id or the label ids. HubSpot’s submit-
// response routing uses the form id to pick which
// embed receives the success message; renaming the
// form id makes the success message land in the
// wrong form.
var suffix = ‘-‘ + SOURCE.toLowerCase();
var idMap = {};
root.querySelectorAll(‘input[id]’).forEach(function (input) {
if (input.id.slice(-suffix.length) === suffix) return;
var oldId = input.id;
idMap[oldId] = oldId + suffix;
input.id = idMap[oldId];
});
root.querySelectorAll(‘[for]’).forEach(function (el) {
if (idMap[el.htmlFor]) el.htmlFor = idMap[el.htmlFor];
});
[‘aria-labelledby’, ‘aria-describedby’, ‘aria-controls’].forEach(function (attr) {
root.querySelectorAll(‘[‘ + attr + ‘]’).forEach(function (el) {
var val = el.getAttribute(attr);
if (val && idMap[val]) el.setAttribute(attr, idMap[val]);
});
});

var email = root.querySelector(‘input[name=”email”]’);
if (email && !email.placeholder) {
email.placeholder = ‘Business Email Address…’;
}
// hiddenFields is honored in raw-HTML mode; restamp anyway
// in case anything resets the value before submit.
var src = root.querySelector(‘input[name=”email_signup_source”]’);
if (src) {
src.value = SOURCE;
src.dispatchEvent(new Event(‘input’, { bubbles: true }));
src.dispatchEvent(new Event(‘change’, { bubbles: true }));
}
},
onFormSubmit: function () {
document.dispatchEvent(new CustomEvent(‘sw:newsletter:submitted’, {
detail: { position: SOURCE }
}));
}
});
return true;
}

if (!create()) {
var attempts = 0;
var t = setInterval(function () {
attempts++;
if (create() || attempts > 50) clearInterval(t);
}, 100);
}
})();

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Deixe um comentário

O seu endereço de e-mail não será publicado. Campos obrigatórios são marcados com *

Rolar para cima