<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-06-22T15:36:15.364846+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/33eb24c3-05fe-4eb3-a086-8ae8665d352e/export</id>
    <title>33eb24c3-05fe-4eb3-a086-8ae8665d352e</title>
    <updated>2026-06-22T15:36:15.371874+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "33eb24c3-05fe-4eb3-a086-8ae8665d352e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/suriq.io/post/3moqd2hn7lb2a", "content": "A 'medium' CVSS told you to skip this one.\n\nIt is dumping live Amazon SES and OAuth keys to anyone who asks, on 100,000 WordPress sites.\n\nPatching does not take the leaked keys back. Rotate them. (CVE-2026-4020)", "creation_timestamp": "2026-06-20T16:53:50.373798Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/33eb24c3-05fe-4eb3-a086-8ae8665d352e/export"/>
    <published>2026-06-20T16:53:50.373798+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a148d051-c343-4b53-8256-05da3671f23f/export</id>
    <title>a148d051-c343-4b53-8256-05da3671f23f</title>
    <updated>2026-06-22T15:36:15.371798+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "a148d051-c343-4b53-8256-05da3671f23f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3moqmnb5soe2u", "content": "Hackers are exploiting CVE-2026-4020 in Gravity SMTP, a WordPress plugin on 100,000 sites, to expose API keys, secrets, and OAuth tokens via a REST endpoint. #GravitySMTP #CVE20264020 #Wordfence", "creation_timestamp": "2026-06-20T19:45:52.553522Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a148d051-c343-4b53-8256-05da3671f23f/export"/>
    <published>2026-06-20T19:45:52.553522+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/0795ddfa-66db-4cd6-aa4a-8c0f97c07f67/export</id>
    <title>0795ddfa-66db-4cd6-aa4a-8c0f97c07f67</title>
    <updated>2026-06-22T15:36:15.371716+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "0795ddfa-66db-4cd6-aa4a-8c0f97c07f67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-4020", "type": "seen", "source": "https://mastodon.social/ap/users/115426718704364579/statuses/116784587739948914", "content": "\ud83d\udcf0 Hackers Actively Exploit Gravity SMTP Flaw (CVE-2026-4020) to Steal API Keys from 100K WordPress Sites\n\ud83d\udce2 ATTENTION WordPress Admins: A flaw in the Gravity SMTP plugin (CVE-2026-4020) is being mass-exploited to steal API keys. 100K sites at risk. Update to v2.1.5 &amp; rotate all email service credentials NOW! #WordPress #Vulnerability #CyberSecurity\n\ud83c\udf10 cyber[.]netsecops[.]io\n\ud83d\udd17 https://cyber.netsecops.io/articles/gravity-smtp-wordpress-plugin-flaw-cve-2026-4020-activel\u2026", "creation_timestamp": "2026-06-20T21:36:37.283802Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/0795ddfa-66db-4cd6-aa4a-8c0f97c07f67/export"/>
    <published>2026-06-20T21:36:37.283802+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b7c6df63-e973-4023-a9ee-9dcf46366b3a/export</id>
    <title>b7c6df63-e973-4023-a9ee-9dcf46366b3a</title>
    <updated>2026-06-22T15:36:15.371634+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "b7c6df63-e973-4023-a9ee-9dcf46366b3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/netsecio.bsky.social/post/3moqsuuhr352e", "content": "\ud83d\udce2 ATTENTION WordPress Admins: A flaw in the Gravity SMTP plugin (CVE-2026-4020) is being mass-exploited to steal API keys. 100K sites at risk. Update to v2.1.5 &amp; rotate all email service credentials NOW! #WordPress #Vulnerability #CyberSecurity\n\n\ud83c\udf10 cyber[.]netsecops[.]io", "creation_timestamp": "2026-06-20T21:37:02.286766Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b7c6df63-e973-4023-a9ee-9dcf46366b3a/export"/>
    <published>2026-06-20T21:37:02.286766+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/05ada68b-379c-4fe9-8121-65d3f6d023f9/export</id>
    <title>05ada68b-379c-4fe9-8121-65d3f6d023f9</title>
    <updated>2026-06-22T15:36:15.371548+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "05ada68b-379c-4fe9-8121-65d3f6d023f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://infosec.exchange/users/tomcat/statuses/116785138273435767", "content": "A Gravity SMTP WordPress plugin flaw is already being exploited.\nCVE-2026-4020 can expose API keys, OAuth tokens, and system data through an unauthenticated REST API endpoint.\nWordfence says it has blocked 17M+ exploit attempts.\nRead the full story: https://thehackernews.com/2026/06/hackers-exploit-gravity-smtp-wordpress.html", "creation_timestamp": "2026-06-20T23:56:30.867097Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/05ada68b-379c-4fe9-8121-65d3f6d023f9/export"/>
    <published>2026-06-20T23:56:30.867097+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/cc89c12f-7d91-4a43-9f42-52de5c2e0d44/export</id>
    <title>cc89c12f-7d91-4a43-9f42-52de5c2e0d44</title>
    <updated>2026-06-22T15:36:15.371468+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "cc89c12f-7d91-4a43-9f42-52de5c2e0d44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mordczgryp2n", "content": "Top 3 CVE for last 7 days:\nCVE-2026-50656: 27 interactions\nCVE-2026-54420: 27 interactions\nCVE-2026-20262: 22 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-9082: 12 interactions\nCVE-2026-11551: 5 interactions\nCVE-2026-4020: 4 interactions\n", "creation_timestamp": "2026-06-21T02:33:27.721018Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/cc89c12f-7d91-4a43-9f42-52de5c2e0d44/export"/>
    <published>2026-06-21T02:33:27.721018+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/9db6d681-4c7c-4037-9c58-02ff4d209725/export</id>
    <title>9db6d681-4c7c-4037-9c58-02ff4d209725</title>
    <updated>2026-06-22T15:36:15.371389+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "9db6d681-4c7c-4037-9c58-02ff4d209725", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/newssecia.bsky.social/post/3mos42sedb32w", "content": "\ud83e\udd16 CVE-2026-4020 (CVSS 5.3): Active exploitation of Gravity SMTP WordPress plugin (~100k sites). Unauthenticated attackers extract API keys, secrets &amp; OAuth tokens. Patch available.\nhttps://thehackernews.com/2026/06/hackers-exploit-gravity-smtp-wordpress.html", "creation_timestamp": "2026-06-21T09:54:04.612803Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/9db6d681-4c7c-4037-9c58-02ff4d209725/export"/>
    <published>2026-06-21T09:54:04.612803+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a9ca767b-da80-40c9-b173-d8cd8d494bb2/export</id>
    <title>a9ca767b-da80-40c9-b173-d8cd8d494bb2</title>
    <updated>2026-06-22T15:36:15.371290+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "a9ca767b-da80-40c9-b173-d8cd8d494bb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3moses5jsnc2h", "content": "Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys\n\nThreat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites.\n\nThe vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), i\u2026\n#hackernews #news", "creation_timestamp": "2026-06-21T12:30:17.939459Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a9ca767b-da80-40c9-b173-d8cd8d494bb2/export"/>
    <published>2026-06-21T12:30:17.939459+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/bcddf82f-f69a-4b8e-8980-d12d2005b01d/export</id>
    <title>bcddf82f-f69a-4b8e-8980-d12d2005b01d</title>
    <updated>2026-06-22T15:36:15.371189+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "bcddf82f-f69a-4b8e-8980-d12d2005b01d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/guardian360.bsky.social/post/3moui5bnqnw2c", "content": "The vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), is a medium-severity information disclosure flaw that can allow unauthenticated attackers to extract sensitive data, such as configuration data, API keys, secrets, and OAuth tokens configured for the plugin's email", "creation_timestamp": "2026-06-22T08:35:31.869136Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/bcddf82f-f69a-4b8e-8980-d12d2005b01d/export"/>
    <published>2026-06-22T08:35:31.869136+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/64c72cea-5657-43e9-9714-34f637c94743/export</id>
    <title>64c72cea-5657-43e9-9714-34f637c94743</title>
    <updated>2026-06-22T15:36:15.370032+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "64c72cea-5657-43e9-9714-34f637c94743", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mouwwwtnvt2o", "content": "Attackers are exploiting CVE-2026-4020 in Gravity SMTP before 2.1.5 to pull system reports from WordPress sites, exposing server details, config data, API keys, tokens, and email credentials. #GravitySMTP #CVE2026-4020 #WordPress", "creation_timestamp": "2026-06-22T13:00:25.492116Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/64c72cea-5657-43e9-9714-34f637c94743/export"/>
    <published>2026-06-22T13:00:25.492116+00:00</published>
  </entry>
</feed>
