SECURITYTHE HACKER NEWS
Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys
Hackers are exploiting a patched security flaw in the Gravity SMTP WordPress plugin, affecting approximately 100,000 sites. The vulnerability, CVE-2026-4020, is a medium-severity information disclosure flaw allowing unauthenticated attackers to extract sensitive data like API keys and OAuth tokens.
Mentioned
Related Signal
Adjacent reporting
- Hackers exploit info disclosure bug in Gravity SMTP WordPress plugin
- Critical Everest Forms Pro flaw exploited to take over WordPress sites
- Fortinet Issues Emergency Patch for FortiClient Zero-Day
- Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available
- Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw