Dossier
CVE-2026-4020
Coverage of CVE-2026-4020 in the Nexus archive.
- Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys
Hackers are exploiting a patched security flaw in the Gravity SMTP WordPress plugin, affecting approximately 100,000 sites. The vulnerability, CVE-2026-4020, is a medium-severity information disclosure flaw allowing unauthenticated attackers to extract sensitive data like API keys and OAuth tokens.
- Most of the CVE-2026-4020 attackers are the same client
Most attackers exploiting CVE-2026-4020 originate from the same client, according to an analysis by HoneyLabs. The article is featured on HoneyLabs' blog and linked on Hacker News with no comments.