From Wordfence: Attackers Actively Exploiting Sensitive Information Exposure Vulnerability in Gravity SMTP Plugin
The WordPress plugin Gravity SMTP is currently under active, large-scale attack due to a “Sensitive Information Exposure” vulnerability (CVE-2026-4020). The flaw exists in a REST API endpoint that incorrectly…