External Publication
Visit Post

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

The Hacker News | #1 Trusted Source for Cybersecurity News [Uno… June 20, 2026
Source
Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites. The vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), is a medium-severity information disclosure flaw that can allow unauthenticated attackers to extract sensitive data, such as configuration data, API keys, secrets, and OAuth tokens

Discussion in the ATmosphere

Loading comments...