Dossier
information disclosure flaw
Coverage of information disclosure flaw in the Nexus archive.
- Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys
Hackers are exploiting a patched security flaw in the Gravity SMTP WordPress plugin, affecting approximately 100,000 sites. The vulnerability, CVE-2026-4020, is a medium-severity information disclosure flaw allowing unauthenticated attackers to extract sensitive data like API keys and OAuth tokens.