Post by The Hacker News

A Gravity SMTP WordPress plugin flaw is already being exploited. CVE-2026-4020 can expose API keys, OAuth tokens, and system data through an unauthenticated REST API endpoint. Wordfence says it has blocked 17M+ exploit attempts. Read the full story: https://lnkd.in/g58hJDvJ