{"uuid": "0795ddfa-66db-4cd6-aa4a-8c0f97c07f67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-4020", "type": "seen", "source": "https://mastodon.social/ap/users/115426718704364579/statuses/116784587739948914", "content": "\ud83d\udcf0 Hackers Actively Exploit Gravity SMTP Flaw (CVE-2026-4020) to Steal API Keys from 100K WordPress Sites\n\ud83d\udce2 ATTENTION WordPress Admins: A flaw in the Gravity SMTP plugin (CVE-2026-4020) is being mass-exploited to steal API keys. 100K sites at risk. Update to v2.1.5 & rotate all email service credentials NOW! #WordPress #Vulnerability #CyberSecurity\n\ud83c\udf10 cyber[.]netsecops[.]io\n\ud83d\udd17 https://cyber.netsecops.io/articles/gravity-smtp-wordpress-plugin-flaw-cve-2026-4020-activel\u2026", "creation_timestamp": "2026-06-20T21:36:37.283802Z"}