{"uuid": "e19d187d-efb9-4de1-b61f-49b3b68e8b9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/securityonline.bsky.social/post/3mowouslqki2v", "content": "Gravity SMTP Vulnerability Exploited to Steal WordPress API\u00a0Keys\n\nSometimes a leak starts not with a hacked admin panel, but with an open service request. Attackers are using exactly that method against WordPress sites that run the Gravity SMTP plugin. The vulnerability, tracked as CVE-2026-4020,\u2026", "creation_timestamp": "2026-06-23T05:41:24.499481Z"}