TechSecInfo

The tech + cyber briefing: what happened, why it matters, and where it came from.

Cyber Security

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

By rooter

Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that’s installed on about 100,000 sites.

The vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), is a medium-severity information disclosure flaw that can allow unauthenticated attackers to extract sensitive data, such as configuration data, API keys, secrets, and OAuth tokens

Oh hi there đź‘‹
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

Oh hi there đź‘‹
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

By rooter

Related Post

Cyber Security

Innovator Spotlight: Ensemble

rooter
Cyber Security

Innovator Spotlight: Centrii

rooter
Cyber Security

Unpatchable ‘usbliter8’ Exploit Breaks Apple A12 and A13 SecureROM Boot Chain

rooter

Leave a Reply

You Missed

News

Everyday Robovac Champions—Roborock Qrevo S Pro & QV 35A Head to Head

Cyber Security

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

News

FortiBleed Exposes Global Credential-Spraying Operation

News

CISA Warns of Active Exploitation Following FortiBleed Leak