Utopia Tech
Security1 min read

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites. The vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), is a medium-severity information disclosure flaw that can allow unauthenticated attackers to extract sensitive data, such as configuration data, API keys, secrets, and OAu

UT

Utopia Tech

June 20, 2026 · 1 min read

Share

Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites. The vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), is a medium-severity information disclosure flaw that can allow unauthenticated attackers to extract sensitive data, such as configuration data, API keys, secrets, and OAuth tokens

Originally published at thehackernews.com

#Cybersecurity#Malware#Vulnerabilities
Share
▸ Want a deeper look?

Talk to an architect about applying this to your stack.

60-minute technical evaluation, no obligation. We'll map the ideas in this article to your environment.

Schedule the call
▸ Continue reading

More from the journal

The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes
Security

The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes

1 min read

Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain
Security

Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain

1 min read

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution
Security

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

1 min read

All posts
Skip to main content