Storia in 5 fonti

Hackers exploit info disclosure bug in Gravity SMTP WordPress plugin

Threat actors are exploiting an unauthenticated information disclosure vulnerability in the WordPress plugin Gravity SMTP, active on 100,000 sites.

Raccontata da

Confronto fonti

5 prospettive sulla stessa storia

AI · summaries

bleepingcomputer.comStai leggendo3 g fa

Hackers exploit info disclosure bug in Gravity SMTP WordPress plugin

Gravity SMTP plugin (100k sites) leaks API keys and server config via unauthenticated REST API; 17M exploits blocked. Credentials compromise email services and expose stack details enabling targeted infrastructure attacks.

originale

thehackernews.com3 g fa

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

Attackers are exploiting CVE-2026-4020 in Gravity SMTP to leak API keys, OAuth tokens, and system data from WordPress sites.

Leggi questa versione → originale

securityweek.com1 g fa

Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data

Hackers are exploiting a vulnerability in the Gravity SMTP WordPress plugin to extract configuration data, including API keys and tokens.

Leggi questa versione → originale

thenextweb.com3 g fa

Hackers are mass-exploiting a Gravity SMTP flaw to steal API keys from 100,000 WordPress sites

Wordfence has blocked 17M+ exploit attempts targeting a Gravity SMTP bug that leaks API keys, OAuth tokens, and full system reports without authentication.

Leggi questa versione → originale

heise.de2 g fa

Jetzt patchen! Angriffe auf Wordpress-Websites mit Gravity-SMTP-Plug-in

Angreifer verschaffen sich auf Wordpress-Websites mit Gravity-SMTP-Plug-in Zugriff auf eigentlich geschützte Daten.

Leggi questa versione → originale

Timeline cronologica

venerdì 19 giugno 2026·bleepingcomputer.com
Hackers exploit info disclosure bug in Gravity SMTP WordPress plugin
Threat actors are exploiting an unauthenticated information disclosure vulnerability in the WordPress plugin Gravity SMTP, active on 100,000 sites.
sabato 20 giugno 2026·thehackernews.com
Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys
Attackers are exploiting CVE-2026-4020 in Gravity SMTP to leak API keys, OAuth tokens, and system data from WordPress sites.
sabato 20 giugno 2026·thenextweb.com
Hackers are mass-exploiting a Gravity SMTP flaw to steal API keys from 100,000 WordPress sites
Wordfence has blocked 17M+ exploit attempts targeting a Gravity SMTP bug that leaks API keys, OAuth tokens, and full system reports without authentication.
domenica 21 giugno 2026·heise.de
Jetzt patchen! Angriffe auf Wordpress-Websites mit Gravity-SMTP-Plug-in
Angreifer verschaffen sich auf Wordpress-Websites mit Gravity-SMTP-Plug-in Zugriff auf eigentlich geschützte Daten.
lunedì 22 giugno 2026·securityweek.com
Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data
Hackers are exploiting a vulnerability in the Gravity SMTP WordPress plugin to extract configuration data, including API keys and tokens.