Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

Threat actors are actively exploiting CVE-2026-4020 in Gravity SMTP, a WordPress plugin used on about 100,000 sites, to steal sensitive configuration data, API keys, secrets, and OAuth tokens. Wordfence has blocked over 17 million attempts, and site owners should update to version 2.1.5 and rotate exposed credentials immediately. #GravitySMTP #CVE-2026-4020 #Wordfence

Key points

  • CVE-2026-4020 is an information disclosure flaw in Gravity SMTP.
  • The issue affects a WordPress plugin installed on about 100,000 sites.
  • Unauthenticated attackers can access a REST API endpoint and extract system report data.
  • Exposed data may include API keys, secrets, OAuth tokens, and third-party email credentials.
  • Wordfence has blocked over 17 million exploit attempts and advises updating to version 2.1.5.
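The only remediation the summary gives is "update to 2.1.5", so the first check an operator wants is whether the installed copy is older than that. The script below is an added example, not code from the page, from Wordfence or from the plugin vendor: it reads the standard WordPress plugin header (the `Version:` line in the comment block at the top of the plugin's main PHP file) and compares it against the patched version stated on this page. The plugin's main file path is not named on the page, so it is taken as a parameter, and the header text embedded here is constructed for the demo, not copied from the plugin.

```python
"""Check whether an installed Gravity SMTP copy is below the patched version.

Added example (not the page's or the vendor's code). It parses the standard
WordPress plugin header and compares the version against 2.1.5, the fixed
version the page reports for CVE-2026-4020.
"""
import re
from pathlib import Path

PATCHED_VERSION = "2.1.5"  # fixed version per the advisory summary on this page

# WordPress plugin headers are "Field: value" lines inside the leading comment
# block of the plugin's main file; the "*" prefix is optional.
HEADER_RE = re.compile(r"^\s*\*?\s*Version:\s*(\S+)", re.IGNORECASE | re.MULTILINE)


def parse_version(text: str) -> tuple[int, ...]:
    """Turn a version string into a tuple that compares correctly.

    Numeric components compare positionally and are padded to three places,
    so "2.1" == "2.1.0". A pre-release suffix ("2.1.5-rc1") sorts *before*
    the release it precedes, so such builds are still reported as vulnerable.
    """
    core, _, prerelease = text.strip().partition("-")
    nums = [int(p) for p in core.split(".") if p.isdigit()]
    if not nums:
        raise ValueError(f"unparseable version string: {text!r}")
    while len(nums) < 3:
        nums.append(0)
    nums.append(-1 if prerelease else 0)
    return tuple(nums)


def plugin_version_from_header(header_text: str) -> str:
    """Extract the Version: field from a WordPress plugin file header.

    Only the start of the file is scanned, since the header block sits at
    the top; 8 KiB is generous for any real plugin header.
    """
    match = HEADER_RE.search(header_text[:8192])
    if not match:
        raise ValueError("no Version: header found")
    return match.group(1)


def is_vulnerable(installed: str, patched: str = PATCHED_VERSION) -> bool:
    """True when the installed version is older than the patched release."""
    return parse_version(installed) < parse_version(patched)


def check_plugin_file(path: Path) -> dict:
    """Read a plugin's main file (path supplied by the caller) and report."""
    header = path.read_text(encoding="utf-8", errors="replace")
    installed = plugin_version_from_header(header)
    return {"installed": installed, "vulnerable": is_vulnerable(installed)}


# Constructed sample header in the standard WordPress plugin header format;
# this is demo input, not text taken from the real plugin.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Gravity SMTP
 * Version: 2.1.4
 */
"""

if __name__ == "__main__":
    version = plugin_version_from_header(SAMPLE_HEADER)
    state = "VULNERABLE, update and rotate credentials" if is_vulnerable(version) else "patched"
    print(f"Gravity SMTP {version}: {state}")
```

Point `check_plugin_file` at the plugin's main PHP file under `wp-content/plugins/` on each site you manage. A version at or above 2.1.5 only closes the disclosure; any API keys, secrets or OAuth tokens that were reachable while the site was exposed still have to be rotated, which this check cannot do for you.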

Read More: https://thehackernews.com/2026/06/hackers-exploit-gravity-smtp-wordpress.html