Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

Notícia de segurança recolhida automaticamente.

Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites.

The vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), is a medium-severity information disclosure flaw that can allow unauthenticated attackers to extract sensitive data, such as configuration data, API keys, secrets, and OAuth tokens

Fonte original: Ler artigo completo aqui