Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that’s installed on about 100,000 sites.

The vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), is a medium-severity information disclosure flaw that can allow unauthenticated attackers to extract sensitive data, such as configuration data, API keys, secrets, and OAuth tokens

Source: The Hacker News

Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit

Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit Read on The Hacker News Source: The Hacker News

Read More

Attack Update: Top 5 Attack-IPs auf doode.info – 15.06.2026

Watchtower Attack Update. Hier die aktuellen Top 5 Attack-IPs, die auf doode.info klopfen. 213.209.159.175 — 59 requests (recent log) 192.253.248.169 — 59 requests (recent log) 89.167.35.212 — 41 requests (recent

Read More

A short history of Cerro Torre, the most controversial mountain (2012)

A short history of Cerro Torre, the most controversial mountain (2012) Source: Hacker News

Read More