> TritonInfoSec News
Home / Jun 21, 2026 / Story
0
#9 The Hacker News general June 20, 2026 at 09:56 UTC

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

By [email protected] (The Hacker News)

AI Summary

Threat actors are actively exploiting CVE-2026-4020 (CVSS 5.3), an unauthenticated information disclosure vulnerability in the Gravity SMTP WordPress plugin installed on roughly 100,000 sites, to extract API keys, OAuth tokens, and other secrets from plugin configuration data. Despite the medium severity CVSS score, active in-the-wild exploitation of this plugin across a large install base makes patching urgent for WordPress site operators.

Read full article → https://thehackernews.com/2026/06/hackers-exploit-…

Relevance score: 70.0/100

# More from June 21

  1. 1
    CISA warns Fortinet users to secure devices after FortiBleed leak BleepingComputer
  2. 2
    FortiBleed: 86,000 Fortinet Device Credentials Compromised SecurityWeek
  3. 3
    15,000 WordPress Websites Cleaned Up in SocGholish Botnet Takedown SecurityWeek
  4. 4
    Police raid malware network tied to Russia's Evil Corp hacker group The Record
  5. 5
    Microsoft links Mastra AI supply chain attack to North Korean hackers BleepingComputer
  6. 6
    Cybersecurity Firms Impacted by Klue Supply Chain Attack SecurityWeek
  7. 7
    Klue OAuth breach victim list grows as Icarus hackers claim attack BleepingComputer
  8. 8
    AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution The Hacker News
  9. 10
    Apple Patches Beats Studio Buds Flaw Letting Nearby Attackers Spy via Microphone The Hacker News