{"vulnerability": "CVE-2026-4020", "sightings": [{"uuid": "26db9b87-97fa-4eec-b678-3534d125e1f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mid4jn5ah52r", "content": "", "creation_timestamp": "2026-03-31T02:21:17.149354Z"}, {"uuid": "bd321fd4-4257-4677-a4aa-af7a8e3d2810", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3midc3piujq2j", "content": "", "creation_timestamp": "2026-03-31T04:00:51.921590Z"}, {"uuid": "26432518-425b-47fe-be5f-b141764e6985", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3midfpd7als2l", "content": "", "creation_timestamp": "2026-03-31T05:05:31.041550Z"}, {"uuid": "51b821d0-1b0c-4e10-afe8-f60d13fbfe35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mid4k5swsi27", "content": "", "creation_timestamp": "2026-03-31T02:21:34.440086Z"}, {"uuid": "ab90a878-22c4-4673-92c9-849ba61181cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mik45hlgvl2o", "content": "", "creation_timestamp": "2026-04-02T21:03:11.533497Z"}, {"uuid": "7dba8ca2-aba4-4a22-b099-9a640cc298d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mihlnn7anq2d", "content": "", "creation_timestamp": "2026-04-01T21:02:41.581017Z"}, {"uuid": "4fe786dd-fd2f-4218-bf32-e38462e98fd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-4020.yaml", "content": "", "creation_timestamp": "2026-03-31T09:31:04.000000Z"}, {"uuid": "20c8bb4f-4251-42da-90b8-b1c6921f6f3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40200", "type": "seen", "source": "https://bsky.app/profile/musl.treehouse.systems.ap.brid.gy/post/3mj5mztiq6sy2", "content": "", "creation_timestamp": "2026-04-10T15:26:16.650254Z"}, {"uuid": "69499676-4017-4456-a627-8e4a32892c9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40200", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mj5w557ej42o", "content": "", "creation_timestamp": "2026-04-10T18:08:47.666915Z"}, {"uuid": "988987b5-3684-4489-8b6c-3eda926c4f64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-40200", "type": "seen", "source": "https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-40200", "content": "", "creation_timestamp": "2026-04-10T08:17:14.000000Z"}, {"uuid": "78199454-76a4-4f89-9a34-2d21e0d61fd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40200", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mj6s2zxoat2b", "content": "", "creation_timestamp": "2026-04-11T02:28:42.039142Z"}, {"uuid": "0b5c1494-2808-44a6-86c8-358c6a83a5c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40200", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mjitxvbi6n2t", "content": "", "creation_timestamp": "2026-04-15T02:29:21.434605Z"}, {"uuid": "ba5657c4-a59b-4d3e-ac2a-cac7d012d1cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40200", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mj7bmm5cm32k", "content": "", "creation_timestamp": "2026-04-11T07:06:58.166218Z"}, {"uuid": "83083a5c-3156-4b5c-9351-d95c3ade1919", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/hnws.bsky.social/post/3mohxvl36ru2c", "content": "Most of the CVE-2026-4020 attackers are the same client\ncomments \u00b7 posted on 2026.06.17 at 04:47:14 (c=0, p=3)", "creation_timestamp": "2026-06-17T09:12:57.066253Z"}, {"uuid": "06bb689b-3526-41a9-ba36-6e9a2cce05cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "Telegram/v8IgW6gHpWVIushUEONWR1rBf1AadyMpGfLyvEGnY-900sw", "content": "", "creation_timestamp": "2026-03-31T03:17:25.000000Z"}, {"uuid": "27b86198-f8f7-4998-a210-18519fb898dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40200", "type": "seen", "source": "Telegram/3GtkgxN8M7sG_DIdrzHdivrGnBmd9UO5Jhg1ZnRR2u8dymg", "content": "", "creation_timestamp": "2026-04-10T19:31:11.000000Z"}, {"uuid": "cfd6298f-7c90-4678-be99-ff4c673b34ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40201", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mkrxh26lwc2q", "content": "CVE-2026-40201 - Diplodoc Search Extension Stored Cross-Site Scripting Vulnerability\nCVE ID : CVE-2026-40201\n \n Published : May 1, 2026, 9:16 a.m. | 1\u00a0hour, 2\u00a0minutes ago\n \n Description : @diplodoc/search-extension 1.0.0 through 3.x before 3.0.3 allows stored XSS via the title...", "creation_timestamp": "2026-05-01T10:50:40.234353Z"}, {"uuid": "9b858945-7fc7-405d-8477-3cb696108a99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-4020", "type": "seen", "source": "https://bsky.app/profile/cyberveille-ch.bsky.social/post/3mnckaozjuo2s", "content": "\ud83d\udce2 CVE-2026-4020 : Gravity SMTP expose des donn\u00e9es sensibles via un endpoint REST non prot\u00e9g\u00e9\n\ud83d\udcdd ## \ud83d\udd0d Contexte\n\nCrowdSec publie le 1er juin 202\u2026\nhttps://cyberveille.ch/posts/2026-06-01-cve-2026-4020-gravity-smtp-expose-des-donnees-sensibles-via-un-endpoint-rest-non-protege/ #CVE_2026_4020 #Cyberveille", "creation_timestamp": "2026-06-02T12:00:07.532033Z"}, {"uuid": "669d11c1-e1df-4ad7-95c6-920021513809", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/hn100.bsky.social/post/3mohxxlvcbc2b", "content": "Most of the CVE-2026-4020 attackers are the same client\n\nDiscussion", "creation_timestamp": "2026-06-17T09:14:06.107461Z"}, {"uuid": "b2640e02-6e0a-4938-819f-c16a7e80f985", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-4020", "type": "seen", "source": "https://bsky.app/profile/sagalinked.bsky.social/post/3mohy5ncyso2t", "content": "\ud83d\udcf0 Most of the attackers behind CVE-2026-4020 are using the same client, indicating a potential threat to cloud fleets.\n\n\ud83d\udd17 https://honeylabs.net/blog/the-cloud-fleet-behind-cve-2026-4020\n\n#Tech #Dev", "creation_timestamp": "2026-06-17T09:17:27.885717Z"}, {"uuid": "db24718f-2cc2-4a93-aaa2-3902ab0d1d76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/news.karthihegde.dev/post/3mohy62egpk2x", "content": "Most of the CVE-2026-4020 attackers are the same client\nDiscussion | hackernews | Author: Robbedoes", "creation_timestamp": "2026-06-17T09:17:44.206041Z"}, {"uuid": "517e01d0-8759-4466-aba1-bb4ff0939d11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/hackernewsbot.bsky.social/post/3mohycd4qv52p", "content": "Most of the CVE-2026-4020 attackers are the same client | Discussion", "creation_timestamp": "2026-06-17T09:20:05.104120Z"}, {"uuid": "7efaacff-27d1-4568-ab31-d09eccc8454c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-4020", "type": "seen", "source": "https://bsky.app/profile/mm-hacker-news.bsky.social/post/3moi4iqb42o26", "content": "Most of the CVE-2026-4020 attackers are the same client\nhttps://honeylabs.net/blog/the-cloud-fleet-behind-cve-2026-4020", "creation_timestamp": "2026-06-17T10:35:14.828858Z"}, {"uuid": "35a9d2e0-e501-4554-b7b4-f45a42752808", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/hrbrmstr.mastodon.social.ap.brid.gy/post/3moi4vcm3uuy2", "content": "Solid breakdown by @honeylabs of the opportunistic activity against CVE-2026-4020\n\n~560 IPs rotating through ~3,300 UAs\n\nRly important to heed the info further down in the article re: \"attacking the CVE\" vs \"added yet-another-cred path to existing scans\" [\u2026]", "creation_timestamp": "2026-06-17T10:42:18.830965Z"}, {"uuid": "cc7da2a8-bb4b-45f2-acf9-95e396685039", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/a91c00ec-4b95-434a-9719-fd181ddff11f", "content": "", "creation_timestamp": "2026-06-19T12:45:05.443617Z"}, {"uuid": "d437800e-48da-4cf6-8634-d91508f7e51b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/crustytldr.bsky.social/post/3moiids27sc2u", "content": "\ud83d\udd12 Most of the CVE-2026-4020 attackers are the same client\n\nExploitation of CVE-2026-4020, a WordPress Gravity SMTP plugin vulnerability exposing credentials, is primarily the work o...\n\nhttps://tinyurl.com/262ojese #CyberSecurity #InfoSec #CrustyTLDR", "creation_timestamp": "2026-06-17T14:07:13.521644Z"}, {"uuid": "65441ac3-4f9c-403e-8602-937641d1b1fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/ytroncal.bsky.social/post/3mok7ktj7ws26", "content": "Most of the CVE-2026-4020 attackers are the same client honeylabs.net/blog/the-clo...", "creation_timestamp": "2026-06-18T06:35:28.844700Z"}, {"uuid": "34112b70-b39c-4e76-a475-1b67f73aed44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mopyky735p2g", "content": "WordPress\u30d7\u30e9\u30b0\u30a4\u30f3Gravity SMTP\u306e\u8106\u5f31\u6027\uff08CVE-2026-4020\uff09\u304c\u60aa\u7528\u3055\u308c\u3001API\u30ad\u30fc\u306a\u3069\u306e\u6a5f\u5bc6\u60c5\u5831\u304c\u6f0f\u6d29\u3059\u308b\u6050\u308c\u304c\u3042\u308b\u3002", "creation_timestamp": "2026-06-20T13:46:12.960667Z"}, {"uuid": "23b9a51b-ab0e-4249-b6c7-7a16d7283154", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mopsnqikgf2f", "content": "Gravity SMTP WordPress plugin (CVE-2026-4020) is being exploited to disclose API keys and OAuth tokens; update the plugin immediately and rotate any exposed secrets. #Cybersecurity #Vulnerability #ThreatIntel\n\nSource: https://thehackernews.com/2026/06/hackers-exploit-gravity-smtp-wordpress.html", "creation_timestamp": "2026-06-20T12:00:29.523443Z"}, {"uuid": "73cf0361-4faa-48fe-910a-15ccc65c79a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mopt6w4p2aq2", "content": "Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys TheHackerNews Attackers are exploiting CVE-2026-4020 in Gravity SMTP to leak API keys, OAuth tokens, and system data from WordPr...\n\n#Security #News\n\nOrigin | Interest | Match", "creation_timestamp": "2026-06-20T12:13:57.725236Z"}, {"uuid": "d4df2732-ba08-4620-bae8-4a2499277e53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://thehackernews.com/2026/06/hackers-exploit-gravity-smtp-wordpress.html", "content": "Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites.\n\nThe vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), is a medium-severity information disclosure flaw that can allow unauthenticated attackers to extract sensitive data, such as configuration data, API keys, secrets, and OAuth tokens", "creation_timestamp": "2026-06-20T07:56:04.000000Z"}, {"uuid": "624bf9d4-daa4-423c-b0c8-638b6bd42fd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3moojlgrm4d2i", "content": "Hackers are exploiting CVE-2026-4020 in Gravity SMTP, affecting 100,000+ WordPress sites and exposing API keys, OAuth tokens, and email credentials via a REST endpoint. #GravitySMTP #CVE20264020 #WordPress", "creation_timestamp": "2026-06-19T23:45:22.470320Z"}, {"uuid": "c06bcca8-95ac-4f39-a6db-ef3fde656aaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/sec-news-bot.bsky.social/post/3moppe7txmu25", "content": "Gravity SMTP \u30d7\u30e9\u30b0\u30a4\u30f3\u306e\u8106\u5f31\u6027\u3001API \u30ad\u30fc\u6f0f\u6d29\u306e\u5371\u6a5f\n\nWordPress \u306e Gravity SMTP \u30d7\u30e9\u30b0\u30a4\u30f3\u306e CVE-2026-4020 \u304c\u653b\u6483\u8005\u306b\u60aa\u7528\u3055\u308c\u3001API \u30ad\u30fc\u3084 OAuth \u30c8\u30fc\u30af\u30f3\u3001\u30b7\u30b9\u30c6\u30e0\u60c5\u5831\u304c\u7a83\u53d6\u3055\u308c\u3066\u3044\u308b\u3002\u8a72\u5f53\u30d7\u30e9\u30b0\u30a4\u30f3\u4f7f\u7528\u30b5\u30a4\u30c8\u306f\u65e9\u6025\u306a\u66f4\u65b0\u304c\u5fc5\u9808\u3002\n\n#\u60c5\u5831\u6f0f\u6d29 #CVE #\u8106\u5f31\u6027", "creation_timestamp": "2026-06-20T11:01:23.553141Z"}, {"uuid": "85af0d50-a3f5-4bd9-b9d1-bb25e082b119", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3moppv6nl7a2r", "content": "WordPress\u30d7\u30e9\u30b0\u30a4\u30f3Gravity SMTP\u306e\u8106\u5f31\u6027\uff08CVE-2026-4020\uff09\u304c\u60aa\u7528\u3055\u308c\u3001\u7d0410\u4e07\u30b5\u30a4\u30c8\u3067API\u30ad\u30fc\u306a\u3069\u304c\u6f0f\u6d29\u3059\u308b\u6050\u308c\u304c\u3042\u308a\u307e\u3059\u3002", "creation_timestamp": "2026-06-20T11:10:52.637740Z"}, {"uuid": "a148d051-c343-4b53-8256-05da3671f23f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3moqmnb5soe2u", "content": "Hackers are exploiting CVE-2026-4020 in Gravity SMTP, a WordPress plugin on 100,000 sites, to expose API keys, secrets, and OAuth tokens via a REST endpoint. #GravitySMTP #CVE20264020 #Wordfence", "creation_timestamp": "2026-06-20T19:45:52.553522Z"}, {"uuid": "e63d90c4-73ac-4f42-ba00-3910ffa57718", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3moqarsv3cy2g", "content": "WordPress\u30d7\u30e9\u30b0\u30a4\u30f3\u300cGravity SMTP\u300d\u306b\u60c5\u5831\u6f0f\u6d29\u306e\u8106\u5f31\u6027(CVE-2026-4020)\u304c\u3042\u308a\u3001API\u30ad\u30fc\u306a\u3069\u306e\u6a5f\u5bc6\u60c5\u5831\u304c\u7a83\u53d6\u3055\u308c\u308b\u6050\u308c\u304c\u3042\u308a\u307e\u3059\u3002", "creation_timestamp": "2026-06-20T16:13:12.391075Z"}, {"uuid": "0795ddfa-66db-4cd6-aa4a-8c0f97c07f67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-4020", "type": "seen", "source": "https://mastodon.social/ap/users/115426718704364579/statuses/116784587739948914", "content": "\ud83d\udcf0 Hackers Actively Exploit Gravity SMTP Flaw (CVE-2026-4020) to Steal API Keys from 100K WordPress Sites\n\ud83d\udce2 ATTENTION WordPress Admins: A flaw in the Gravity SMTP plugin (CVE-2026-4020) is being mass-exploited to steal API keys. 100K sites at risk. Update to v2.1.5 & rotate all email service credentials NOW! #WordPress #Vulnerability #CyberSecurity\n\ud83c\udf10 cyber[.]netsecops[.]io\n\ud83d\udd17 https://cyber.netsecops.io/articles/gravity-smtp-wordpress-plugin-flaw-cve-2026-4020-activel\u2026", "creation_timestamp": "2026-06-20T21:36:37.283802Z"}, {"uuid": "33eb24c3-05fe-4eb3-a086-8ae8665d352e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/suriq.io/post/3moqd2hn7lb2a", "content": "A 'medium' CVSS told you to skip this one.\n\nIt is dumping live Amazon SES and OAuth keys to anyone who asks, on 100,000 WordPress sites.\n\nPatching does not take the leaked keys back. Rotate them. (CVE-2026-4020)", "creation_timestamp": "2026-06-20T16:53:50.373798Z"}, {"uuid": "b7c6df63-e973-4023-a9ee-9dcf46366b3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/netsecio.bsky.social/post/3moqsuuhr352e", "content": "\ud83d\udce2 ATTENTION WordPress Admins: A flaw in the Gravity SMTP plugin (CVE-2026-4020) is being mass-exploited to steal API keys. 100K sites at risk. Update to v2.1.5 & rotate all email service credentials NOW! #WordPress #Vulnerability #CyberSecurity\n\n\ud83c\udf10 cyber[.]netsecops[.]io", "creation_timestamp": "2026-06-20T21:37:02.286766Z"}, {"uuid": "05ada68b-379c-4fe9-8121-65d3f6d023f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://infosec.exchange/users/tomcat/statuses/116785138273435767", "content": "A Gravity SMTP WordPress plugin flaw is already being exploited.\nCVE-2026-4020 can expose API keys, OAuth tokens, and system data through an unauthenticated REST API endpoint.\nWordfence says it has blocked 17M+ exploit attempts.\nRead the full story: https://thehackernews.com/2026/06/hackers-exploit-gravity-smtp-wordpress.html", "creation_timestamp": "2026-06-20T23:56:30.867097Z"}, {"uuid": "cc89c12f-7d91-4a43-9f42-52de5c2e0d44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mordczgryp2n", "content": "Top 3 CVE for last 7 days:\nCVE-2026-50656: 27 interactions\nCVE-2026-54420: 27 interactions\nCVE-2026-20262: 22 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-9082: 12 interactions\nCVE-2026-11551: 5 interactions\nCVE-2026-4020: 4 interactions\n", "creation_timestamp": "2026-06-21T02:33:27.721018Z"}, {"uuid": "9db6d681-4c7c-4037-9c58-02ff4d209725", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/newssecia.bsky.social/post/3mos42sedb32w", "content": "\ud83e\udd16 CVE-2026-4020 (CVSS 5.3): Active exploitation of Gravity SMTP WordPress plugin (~100k sites). Unauthenticated attackers extract API keys, secrets & OAuth tokens. Patch available.\nhttps://thehackernews.com/2026/06/hackers-exploit-gravity-smtp-wordpress.html", "creation_timestamp": "2026-06-21T09:54:04.612803Z"}, {"uuid": "bcddf82f-f69a-4b8e-8980-d12d2005b01d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/guardian360.bsky.social/post/3moui5bnqnw2c", "content": "The vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), is a medium-severity information disclosure flaw that can allow unauthenticated attackers to extract sensitive data, such as configuration data, API keys, secrets, and OAuth tokens configured for the plugin's email", "creation_timestamp": "2026-06-22T08:35:31.869136Z"}, {"uuid": "a9ca767b-da80-40c9-b173-d8cd8d494bb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3moses5jsnc2h", "content": "Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys\n\nThreat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites.\n\nThe vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), i\u2026\n#hackernews #news", "creation_timestamp": "2026-06-21T12:30:17.939459Z"}, {"uuid": "64c72cea-5657-43e9-9714-34f637c94743", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mouwwwtnvt2o", "content": "Attackers are exploiting CVE-2026-4020 in Gravity SMTP before 2.1.5 to pull system reports from WordPress sites, exposing server details, config data, API keys, tokens, and email credentials. #GravitySMTP #CVE2026-4020 #WordPress", "creation_timestamp": "2026-06-22T13:00:25.492116Z"}]}