Api-Keys

vulnerabilities 2026-06-20
Gravity SMTP CVE-2026-4020: Unauthenticated Flaw Leaks Cloud Email API Keys Amid Mass Exploitation
Attackers are mass-exploiting CVE-2026-4020 in the Gravity SMTP WordPress plugin to dump site config and third-party email provider API keys. Patch to 2.1.5 and rotate every key now.
wordpress cve-2026-4020 gravity-smtp information-disclosure wordfence api-keys email-security

Gravity SMTP CVE-2026-4020: Unauthenticated Flaw Leaks Cloud Email API Keys Amid Mass Exploitation