
Gravity SMTP actively exploited information disclosure flaw (CVE-2026-4020)

Type: Vulnerability · Happening score: 41 · 1 unique source, 1 article

Summary


An actively exploited unauthenticated information disclosure flaw in Gravity SMTP exposes API keys, secrets, OAuth tokens, and email-service credentials on sites using the plugin, with the affected footprint reaching 100,000 WordPress sites. The vulnerability is tracked as CVE-2026-4020, affects version 2.1.4 and older, and was fixed in 2.1.5. Wordfence says it has blocked more than 17 million attempts, including a spike on June 7.

Related Happenings

Check Point VPN CVE-2026-50751 targeted exploitation wave

Exploitation Wave
H score 47 · First: 08.06.2026 17:17 · Last: 08.06.2026 17:17 · Sources: 1

About this happening: **CVE-2026-50751** is an **active exploitation wave** against **Check Point Remote Access VPN** and **Mobile Access** deployments that use **deprecated IKEv1**. The flaw is an **a...

Post SMTP CVE-2025-11833 exploitation wave

Exploitation Wave
H score 74 · First: 04.11.2025 23:46 · Last: 04.11.2025 23:46 · Sources: 1

About this happening: **CVE-2025-11833** in the **Post SMTP** WordPress plugin is being actively exploited to hijack administrator accounts, putting **more than 400,000 sites** at risk of **full site c...

Google Chrome CVE-2025-2783 active exploitation wave

Exploitation Wave
H score 41 · First: 28.10.2025 10:22 · Last: 28.10.2025 10:22 · Sources: 1

About this happening: **CVE-2025-2783** is being actively exploited in **Google Chrome** against organizations in **Russia and Belarus**, creating sandbox-escape and payload-delivery risk for exposed b...

Latest development: 17.12.2025 16:54

Kaspersky described a new Operation ForumTroll phishing wave targeting scholars in political science, international relations, and global economics at major Russian universities and research institutions with fake eLibrary emails from support@e-library[.]wiki, one-time links, and ZIP archives named <LastName>_<FirstName>_<Patronymic>.zip that run a LNK and PowerShell chain to fetch a DLL and deploy Tuoni for remote access.

Timeline

  1. 19.06.2026 23:25 · 1 article

    Gravity SMTP fixes CVE-2026-4020 in version 2.1.5

    Mitigation Patch Update

    Gravity SMTP version 2.1.5 addresses CVE-2026-4020, an unauthenticated information disclosure flaw in the WordPress plugin that affected version 2.1.4 and older.

  2. 19.06.2026 23:25 · 2 articles

    Wordfence blocks a June 7 spike in Gravity SMTP exploit requests

    Exploitation Observed

    Wordfence says exploitation activity against Gravity SMTP spiked on June 7, when its firewall blocked 4 million requests against protected customers amid active abuse of CVE-2026-4020.

  3. 19.06.2026 23:25 · 1 article

    Gravity SMTP exposure leaks system reports and credentials through an open REST API endpoint

    Technical Analysis Update

    Defiant warns that Gravity SMTP sites are under active exploitation of CVE-2026-4020 because the exposed REST API endpoint returns a JSON System Report to unauthenticated GET requests: the route's permission_callback always returns true, so no capability check is applied. The report exposes API keys, secrets, OAuth tokens, third-party email credentials, WordPress configuration details, and server, PHP, and database information. Wordfence also advises admins to watch for requests to /wp-json/gravitysmtp/v1/tests/mock-data, especially with ?page=gravitysmtp-settings.

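The "watch for requests" advice in the entry above, turned into a web-server log check. This is an added example, not code from Wordfence, Defiant or Gravity SMTP; the log lines are constructed, and it also handles the `?rest_route=` form of WordPress REST calls, which the entry does not mention.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache/nginx combined log format; not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [07/Jun/2026:10:01:02 +0000] "GET /wp-json/gravitysmtp/v1/tests/mock-data?page=gravitysmtp-settings HTTP/1.1" 200 5120 "-" "python-requests/2.31"
203.0.113.10 - - [07/Jun/2026:10:01:03 +0000] "GET /wp-json/gravitysmtp/v1/tests/mock-data HTTP/1.1" 200 4870 "-" "python-requests/2.31"
198.51.100.7 - - [07/Jun/2026:10:02:15 +0000] "GET /wp-json/wp/v2/posts?per_page=5 HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
198.51.100.7 - - [07/Jun/2026:10:02:50 +0000] "GET /?rest_route=/gravitysmtp/v1/tests/mock-data&page=gravitysmtp-settings HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.44 - - [07/Jun/2026:10:03:40 +0000] "GET /wp-json/gravitysmtp/v1/tests/mock-data?page=gravitysmtp-settings HTTP/1.1" 401 120 "-" "curl/8.4.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)
# REST route named in the Wordfence advice (without the /wp-json prefix).
SUSPECT_ROUTE = "/gravitysmtp/v1/tests/mock-data"

def rest_route(target):
    """REST route from a request target (pretty /wp-json/ form or ?rest_route= form), else None."""
    parts = urlsplit(target)
    qs = parse_qs(parts.query)
    if parts.path.startswith("/wp-json/"):
        return parts.path[len("/wp-json"):].rstrip("/"), qs
    if "rest_route" in qs:          # plain-permalink form WordPress also accepts
        return qs["rest_route"][0].rstrip("/"), qs
    return None, qs

def classify(line):
    """Return a record for a hit on the exposed endpoint, or None for any other line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    route, qs = rest_route(m["target"])
    if route != SUSPECT_ROUTE:
        return None
    # Assumption: HTTP 200 means the System Report was served (unpatched site);
    # a patched install should reject the unauthenticated request.
    return {"ip": m["ip"], "ts": m["ts"],
            "settings_page": qs.get("page") == ["gravitysmtp-settings"],
            "likely_leak": int(m["status"]) == 200}

def scan(log_text):
    """Return (hits, requests per source IP, count of probable leaks) for a log."""
    hits = [h for h in map(classify, log_text.splitlines()) if h]
    return hits, Counter(h["ip"] for h in hits), sum(h["likely_leak"] for h in hits)
```

Any 200 response flagged here on a site that was running 2.1.4 or older should be treated as a credential exposure, with the keys and tokens in the System Report rotated after updating to 2.1.5.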