Wordfence has blocked 17M+ exploit attempts targeting a Gravity SMTP bug that leaks API keys, OAuth tokens, and full system reports without authentication.
Attackers are exploiting CVE-2026-4020 in Gravity SMTP to leak API keys, OAuth tokens, and system data from WordPress sites.
Gravity SMTP WordPress vulnerability CVE-2026-4020 has drawn 17 million automated exploit attempts since May 2026, draining ...
Hackers are exploiting a vulnerability in the Gravity SMTP WordPress plugin to extract configuration data, including API keys ...
How I stopped a massive WordPress spam attack with 4,700 lines of code in two days - thanks to Codex and Claude ...
Three popular plugins served malicious JavaScript through a compromised CDN.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results