Threat actors are exploiting a recently patched security flaw
impacting Gravity SMTP, a WordPress plugin that's installed on
about 100,000 sites. The vulnerability, tracked as CVE-2026-4020
(CVSS score: 5.3), is a medium-severity information disclosure flaw
that can allow unauthenticated attackers to extract sensitive data,
such as configuration data, API keys, secrets, and OAuth
tokens
Read more https://thehackernews.com/2026/06/hackers-exploit-gravity-smtp-wordpress.html
