Hackers Exploit Gravity SMTP WordPress Plugin Flaw, 17M Attacks Blocked
Executive Briefing
- Exploits target CVE-2026-4020, an unauthenticated info-disclosure flaw in Gravity SMTP affecting 100,000 WordPress sites
- Exposed REST API endpoint leaks API keys, OAuth tokens, email credentials, and server configuration data without authentication
- Wordfence blocked over 17 million exploit attempts, with a single-day spike of 4 million requests on June 7
- Patch available in version 2.1.5 since March 17; admins should also monitor logs for requests to the mock-data endpoint
- Separately, a critical unpatched file-deletion flaw in Avada Builder threatens one million sites with potential full takeover
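
For the log-monitoring step in the briefing, a minimal access-log check (an added example, not code from Wordfence or the plugin vendor). It assumes Combined Log Format and that the vulnerable route contains the literal string "mock-data"; the namespace `example-ns/v1` and all log lines are constructed placeholders.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: the route name contains "mock-data"; replace with the exact
# route from the vendor advisory once known.
ROUTE_MARKER = "mock-data"

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:]+):[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def rest_route(target):
    """Return the WordPress REST route a request target addresses, or None."""
    parts = urlsplit(target)
    path = unquote(parts.path)
    if "/wp-json/" in path:
        return path.split("/wp-json", 1)[1]
    # Sites without pretty permalinks use ?rest_route=/namespace/route
    routes = parse_qs(parts.query).get("rest_route")
    return routes[0] if routes else None

def scan(lines, marker=ROUTE_MARKER):
    """Collect (ip, day, route, served) hits and a per-day request count."""
    hits, per_day = [], Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        route = rest_route(m["target"])
        if route and marker in route.lower():
            served = m["status"].startswith("2")  # 2xx: endpoint answered
            hits.append((m["ip"], m["day"], route, served))
            per_day[m["day"]] += 1
    return hits, per_day

# Constructed sample lines (documentation IP ranges, placeholder namespace).
SAMPLE_LOG = [
    '203.0.113.7 - - [07/Jun/2026:10:01:02 +0000] "GET /wp-json/example-ns/v1/mock-data HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.9 - - [07/Jun/2026:10:01:05 +0000] "GET /?rest_route=%2Fexample-ns%2Fv1%2Fmock-data HTTP/1.1" 403 120 "-" "-"',
    '203.0.113.7 - - [07/Jun/2026:10:02:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 900 "-" "-"',
    '192.0.2.4 - - [08/Jun/2026:09:00:00 +0000] "GET /wp-login.php HTTP/1.1" 200 700 "-" "-"',
]

if __name__ == "__main__":
    hits, per_day = scan(SAMPLE_LOG)
    print(hits, dict(per_day))
```

Both URL forms of the WordPress REST API are checked because a request using `?rest_route=` never shows `/wp-json/` in the log. Hits with `served` set to true are the ones to prioritize when deciding which keys and tokens to rotate.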