Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys
Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites. The vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), is a medium-severity information disclosure flaw that can allow unauthenticated attackers to extract sensitive data, such as configuration data, API keys, secrets, and OAuth tokens
Vollständiger Artikel für Mitglieder verfügbar
Einloggen oder registrieren um den KI-aufbereiteten Artikel mit erklärten Fachbegriffen zu lesen.