Hackers are actively abusing a sensitive information exposure flaw in the Gravity SMTP WordPress plugin, aggressively targeting over 100,000 sites to harvest configuration data and live email credentials. The vulnerability, tracked as CVE‑2026‑4020 and rated 5.3 (Medium), affects all Gravity SMTP versions up to and including 2.1.4 and is now under mass exploitation by distributed […]
The post Hackers Actively Exploiting WordPress SMTP Plugin With 100,000+ Installs to Access Sensitive Data appeared first on Cyber Security News.