Hackers Exploit Gravity SMTP WordPress Plugin Flaw, 17M Attacks Blocked | TekBrief

Executive Briefing

  • Exploits target CVE-2026-4020, an unauthenticated info-disclosure flaw in Gravity SMTP affecting 100,000 WordPress sites
  • Exposed REST API endpoint leaks API keys, OAuth tokens, email credentials, and server configuration data without authentication
  • Wordfence blocked over 17 million exploit attempts, with a single-day spike of 4 million requests on June 7
  • Patch available in version 2.1.5 since March 17; admins should also monitor logs for requests to the mock-data endpoint
  • Separately, a critical unpatched file-deletion flaw in Avada Builder threatens one million sites with potential full takeover
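For the log-monitoring step in the briefing, the following is an added example (not from TekBrief, Wordfence, or the plugin vendor) that scans web access logs in Combined Log Format for REST API requests to the mock-data endpoint and separates requests the site answered from those it denied. The `mock-data` URL marker, the `PLACEHOLDER` namespace, and the sample log lines are assumptions; the page does not give the exact route.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Assumption: the endpoint's URL contains this marker; the page names only a
# "mock-data endpoint", so substitute the exact route from the vendor advisory.
ENDPOINT_MARKER = "mock-data"

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:]+):[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_rest_hit(target: str) -> bool:
    """True if the request reaches the WordPress REST API (pretty or
    ?rest_route= form) and its decoded URL contains the marker."""
    decoded = unquote(target).lower()
    is_rest = "/wp-json/" in decoded or "rest_route=" in decoded
    return is_rest and ENDPOINT_MARKER in decoded

def summarize(lines):
    """Return {ip: {"hits": n, "served": n, "days": set}} for matching requests.
    "served" counts 2xx responses, i.e. requests the site answered."""
    report = defaultdict(lambda: {"hits": 0, "served": 0, "days": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not is_rest_hit(m["target"]):
            continue
        entry = report[m["ip"]]
        entry["hits"] += 1
        entry["days"].add(m["day"])
        if m["status"].startswith("2"):
            entry["served"] += 1
    return dict(report)

# Constructed sample log lines (documentation IPs, placeholder namespace).
SAMPLE = [
    '203.0.113.7 - - [07/Jun/2026:10:01:02 +0000] "GET /wp-json/PLACEHOLDER/v1/mock-data HTTP/1.1" 200 5120 "-" "curl/8.0"',
    '203.0.113.7 - - [07/Jun/2026:10:01:05 +0000] "GET /?rest_route=%2FPLACEHOLDER%2Fv1%2Fmock-data HTTP/1.1" 403 199 "-" "curl/8.0"',
    '198.51.100.9 - - [08/Jun/2026:11:00:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [08/Jun/2026:12:30:00 +0000] "GET /wp-json/PLACEHOLDER/v1/Mock-Data?page=1 HTTP/1.1" 200 4800 "-" "python-requests"',
]

if __name__ == "__main__":
    for ip, e in sorted(summarize(SAMPLE).items()):
        flag = "REVIEW: response served" if e["served"] else "blocked/denied"
        print(f"{ip} hits={e['hits']} served={e['served']} days={sorted(e['days'])} {flag}")
```

A served hit logged while the site ran a version older than 2.1.5 is the case to prioritize, since the briefing lists API keys, OAuth tokens, and email credentials among the data the endpoint returns.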