URL has been copied successfully!
Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys
URL has been copied successfully!

Collecting Cyber-News from over 60 sources

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys


Tags: , , , , , , , ,

Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that’s installed on about 100,000 sites.The vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), is a medium-severity information disclosure flaw that can allow unauthenticated attackers to extract sensitive data, such as configuration data, API keys, secrets, and OAuth tokens

First seen on thehackernews.com

Jump to article: thehackernews.com/2026/06/hackers-exploit-gravity-smtp-wordpress.html

Loading

Share via Email
Share on Facebook
Tweet on X (Twitter)
Share on Whatsapp
Share on LinkedIn
Share on Xing
Copy link

also interesting:

  1. Hackers Exploit WordPress SMTP Plugin With 100,000+ Installs to Steal Sensitive Data
  2. Russian APT28 compromised Western logistics and IT firms to track aid to Ukraine
  3. Cybersecurity Snapshot: AI Will Take Center Stage in Cyber in 2026, Google Says, as MITRE Revamps ATTCK Framework
  4. 14 old software bugs that took way too long to squash