Skip to content
The Nexus
SECURITYJun 20 · 09:56 UTCTHE HACKER NEWS[email protected] (The Hacker News)

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

Hackers are exploiting a patched security flaw in the Gravity SMTP WordPress plugin, affecting approximately 100,000 sites. The vulnerability, CVE-2026-4020, is a medium-severity information disclosure flaw allowing unauthenticated attackers to extract sensitive data like API keys and OAuth tokens.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this
Related Signal

Adjacent reporting