{"vulnerability": "cve-2026-4020", "sightings": [{"uuid": "bd321fd4-4257-4677-a4aa-af7a8e3d2810", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3midc3piujq2j", "content": "", "creation_timestamp": "2026-03-31T04:00:51.921590Z"}, {"uuid": "26432518-425b-47fe-be5f-b141764e6985", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3midfpd7als2l", "content": "", "creation_timestamp": "2026-03-31T05:05:31.041550Z"}, {"uuid": "26db9b87-97fa-4eec-b678-3534d125e1f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mid4jn5ah52r", "content": "", "creation_timestamp": "2026-03-31T02:21:17.149354Z"}, {"uuid": "51b821d0-1b0c-4e10-afe8-f60d13fbfe35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mid4k5swsi27", "content": "", "creation_timestamp": "2026-03-31T02:21:34.440086Z"}, {"uuid": "4fe786dd-fd2f-4218-bf32-e38462e98fd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-4020.yaml", "content": "", "creation_timestamp": "2026-03-31T09:31:04.000000Z"}, {"uuid": "7dba8ca2-aba4-4a22-b099-9a640cc298d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mihlnn7anq2d", "content": "", "creation_timestamp": "2026-04-01T21:02:41.581017Z"}, {"uuid": "ab90a878-22c4-4673-92c9-849ba61181cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mik45hlgvl2o", "content": "", "creation_timestamp": "2026-04-02T21:03:11.533497Z"}, {"uuid": "20c8bb4f-4251-42da-90b8-b1c6921f6f3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40200", "type": "seen", "source": "https://bsky.app/profile/musl.treehouse.systems.ap.brid.gy/post/3mj5mztiq6sy2", "content": "", "creation_timestamp": "2026-04-10T15:26:16.650254Z"}, {"uuid": "69499676-4017-4456-a627-8e4a32892c9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40200", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mj5w557ej42o", "content": "", "creation_timestamp": "2026-04-10T18:08:47.666915Z"}, {"uuid": "988987b5-3684-4489-8b6c-3eda926c4f64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-40200", "type": "seen", "source": "https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-40200", "content": "", "creation_timestamp": "2026-04-10T08:17:14.000000Z"}, {"uuid": "78199454-76a4-4f89-9a34-2d21e0d61fd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40200", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mj6s2zxoat2b", "content": "", "creation_timestamp": "2026-04-11T02:28:42.039142Z"}, {"uuid": "ba5657c4-a59b-4d3e-ac2a-cac7d012d1cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40200", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mj7bmm5cm32k", "content": "", "creation_timestamp": "2026-04-11T07:06:58.166218Z"}, {"uuid": "0b5c1494-2808-44a6-86c8-358c6a83a5c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40200", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mjitxvbi6n2t", "content": "", "creation_timestamp": "2026-04-15T02:29:21.434605Z"}, {"uuid": "27b86198-f8f7-4998-a210-18519fb898dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40200", "type": "seen", "source": "Telegram/3GtkgxN8M7sG_DIdrzHdivrGnBmd9UO5Jhg1ZnRR2u8dymg", "content": "", "creation_timestamp": "2026-04-10T19:31:11.000000Z"}, {"uuid": "06bb689b-3526-41a9-ba36-6e9a2cce05cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "Telegram/v8IgW6gHpWVIushUEONWR1rBf1AadyMpGfLyvEGnY-900sw", "content": "", "creation_timestamp": "2026-03-31T03:17:25.000000Z"}, {"uuid": "cfd6298f-7c90-4678-be99-ff4c673b34ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40201", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mkrxh26lwc2q", "content": "CVE-2026-40201 - Diplodoc Search Extension Stored Cross-Site Scripting Vulnerability\nCVE ID : CVE-2026-40201\n \n Published : May 1, 2026, 9:16 a.m. | 1\u00a0hour, 2\u00a0minutes ago\n \n Description : @diplodoc/search-extension 1.0.0 through 3.x before 3.0.3 allows stored XSS via the title...", "creation_timestamp": "2026-05-01T10:50:40.234353Z"}, {"uuid": "9b858945-7fc7-405d-8477-3cb696108a99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-4020", "type": "seen", "source": "https://bsky.app/profile/cyberveille-ch.bsky.social/post/3mnckaozjuo2s", "content": "\ud83d\udce2 CVE-2026-4020 : Gravity SMTP expose des donn\u00e9es sensibles via un endpoint REST non prot\u00e9g\u00e9\n\ud83d\udcdd ## \ud83d\udd0d Contexte\n\nCrowdSec publie le 1er juin 202\u2026\nhttps://cyberveille.ch/posts/2026-06-01-cve-2026-4020-gravity-smtp-expose-des-donnees-sensibles-via-un-endpoint-rest-non-protege/ #CVE_2026_4020 #Cyberveille", "creation_timestamp": "2026-06-02T12:00:07.532033Z"}, {"uuid": "83083a5c-3156-4b5c-9351-d95c3ade1919", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/hnws.bsky.social/post/3mohxvl36ru2c", "content": "Most of the CVE-2026-4020 attackers are the same client\ncomments \u00b7 posted on 2026.06.17 at 04:47:14 (c=0, p=3)", "creation_timestamp": "2026-06-17T09:12:57.066253Z"}, {"uuid": "669d11c1-e1df-4ad7-95c6-920021513809", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/hn100.bsky.social/post/3mohxxlvcbc2b", "content": "Most of the CVE-2026-4020 attackers are the same client\n\nDiscussion", "creation_timestamp": "2026-06-17T09:14:06.107461Z"}, {"uuid": "b2640e02-6e0a-4938-819f-c16a7e80f985", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-4020", "type": "seen", "source": "https://bsky.app/profile/sagalinked.bsky.social/post/3mohy5ncyso2t", "content": "\ud83d\udcf0 Most of the attackers behind CVE-2026-4020 are using the same client, indicating a potential threat to cloud fleets.\n\n\ud83d\udd17 https://honeylabs.net/blog/the-cloud-fleet-behind-cve-2026-4020\n\n#Tech #Dev", "creation_timestamp": "2026-06-17T09:17:27.885717Z"}, {"uuid": "db24718f-2cc2-4a93-aaa2-3902ab0d1d76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/news.karthihegde.dev/post/3mohy62egpk2x", "content": "Most of the CVE-2026-4020 attackers are the same client\nDiscussion | hackernews | Author: Robbedoes", "creation_timestamp": "2026-06-17T09:17:44.206041Z"}, {"uuid": "517e01d0-8759-4466-aba1-bb4ff0939d11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/hackernewsbot.bsky.social/post/3mohycd4qv52p", "content": "Most of the CVE-2026-4020 attackers are the same client | Discussion", "creation_timestamp": "2026-06-17T09:20:05.104120Z"}, {"uuid": "7efaacff-27d1-4568-ab31-d09eccc8454c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-4020", "type": "seen", "source": "https://bsky.app/profile/mm-hacker-news.bsky.social/post/3moi4iqb42o26", "content": "Most of the CVE-2026-4020 attackers are the same client\nhttps://honeylabs.net/blog/the-cloud-fleet-behind-cve-2026-4020", "creation_timestamp": "2026-06-17T10:35:14.828858Z"}, {"uuid": "35a9d2e0-e501-4554-b7b4-f45a42752808", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/hrbrmstr.mastodon.social.ap.brid.gy/post/3moi4vcm3uuy2", "content": "Solid breakdown by @honeylabs of the opportunistic activity against CVE-2026-4020\n\n~560 IPs rotating through ~3,300 UAs\n\nRly important to heed the info further down in the article re: \"attacking the CVE\" vs \"added yet-another-cred path to existing scans\" [\u2026]", "creation_timestamp": "2026-06-17T10:42:18.830965Z"}, {"uuid": "d437800e-48da-4cf6-8634-d91508f7e51b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/crustytldr.bsky.social/post/3moiids27sc2u", "content": "\ud83d\udd12 Most of the CVE-2026-4020 attackers are the same client\n\nExploitation of CVE-2026-4020, a WordPress Gravity SMTP plugin vulnerability exposing credentials, is primarily the work o...\n\nhttps://tinyurl.com/262ojese #CyberSecurity #InfoSec #CrustyTLDR", "creation_timestamp": "2026-06-17T14:07:13.521644Z"}, {"uuid": "65441ac3-4f9c-403e-8602-937641d1b1fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/ytroncal.bsky.social/post/3mok7ktj7ws26", "content": "Most of the CVE-2026-4020 attackers are the same client honeylabs.net/blog/the-clo...", "creation_timestamp": "2026-06-18T06:35:28.844700Z"}, {"uuid": "cc7da2a8-bb4b-45f2-acf9-95e396685039", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/a91c00ec-4b95-434a-9719-fd181ddff11f", "content": "", "creation_timestamp": "2026-06-19T12:45:05.443617Z"}, {"uuid": "624bf9d4-daa4-423c-b0c8-638b6bd42fd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3moojlgrm4d2i", "content": "Hackers are exploiting CVE-2026-4020 in Gravity SMTP, affecting 100,000+ WordPress sites and exposing API keys, OAuth tokens, and email credentials via a REST endpoint. #GravitySMTP #CVE20264020 #WordPress", "creation_timestamp": "2026-06-19T23:45:22.470320Z"}, {"uuid": "c06bcca8-95ac-4f39-a6db-ef3fde656aaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/sec-news-bot.bsky.social/post/3moppe7txmu25", "content": "Gravity SMTP \u30d7\u30e9\u30b0\u30a4\u30f3\u306e\u8106\u5f31\u6027\u3001API \u30ad\u30fc\u6f0f\u6d29\u306e\u5371\u6a5f\n\nWordPress \u306e Gravity SMTP \u30d7\u30e9\u30b0\u30a4\u30f3\u306e CVE-2026-4020 \u304c\u653b\u6483\u8005\u306b\u60aa\u7528\u3055\u308c\u3001API \u30ad\u30fc\u3084 OAuth \u30c8\u30fc\u30af\u30f3\u3001\u30b7\u30b9\u30c6\u30e0\u60c5\u5831\u304c\u7a83\u53d6\u3055\u308c\u3066\u3044\u308b\u3002\u8a72\u5f53\u30d7\u30e9\u30b0\u30a4\u30f3\u4f7f\u7528\u30b5\u30a4\u30c8\u306f\u65e9\u6025\u306a\u66f4\u65b0\u304c\u5fc5\u9808\u3002\n\n#\u60c5\u5831\u6f0f\u6d29 #CVE #\u8106\u5f31\u6027", "creation_timestamp": "2026-06-20T11:01:23.553141Z"}, {"uuid": "85af0d50-a3f5-4bd9-b9d1-bb25e082b119", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3moppv6nl7a2r", "content": "WordPress\u30d7\u30e9\u30b0\u30a4\u30f3Gravity SMTP\u306e\u8106\u5f31\u6027\uff08CVE-2026-4020\uff09\u304c\u60aa\u7528\u3055\u308c\u3001\u7d0410\u4e07\u30b5\u30a4\u30c8\u3067API\u30ad\u30fc\u306a\u3069\u304c\u6f0f\u6d29\u3059\u308b\u6050\u308c\u304c\u3042\u308a\u307e\u3059\u3002", "creation_timestamp": "2026-06-20T11:10:52.637740Z"}, {"uuid": "23b9a51b-ab0e-4249-b6c7-7a16d7283154", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mopsnqikgf2f", "content": "Gravity SMTP WordPress plugin (CVE-2026-4020) is being exploited to disclose API keys and OAuth tokens; update the plugin immediately and rotate any exposed secrets. #Cybersecurity #Vulnerability #ThreatIntel\n\nSource: https://thehackernews.com/2026/06/hackers-exploit-gravity-smtp-wordpress.html", "creation_timestamp": "2026-06-20T12:00:29.523443Z"}, {"uuid": "73cf0361-4faa-48fe-910a-15ccc65c79a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mopt6w4p2aq2", "content": "Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys TheHackerNews Attackers are exploiting CVE-2026-4020 in Gravity SMTP to leak API keys, OAuth tokens, and system data from WordPr...\n\n#Security #News\n\nOrigin | Interest | Match", "creation_timestamp": "2026-06-20T12:13:57.725236Z"}, {"uuid": "d4df2732-ba08-4620-bae8-4a2499277e53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://thehackernews.com/2026/06/hackers-exploit-gravity-smtp-wordpress.html", "content": "Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites.\n\nThe vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), is a medium-severity information disclosure flaw that can allow unauthenticated attackers to extract sensitive data, such as configuration data, API keys, secrets, and OAuth tokens", "creation_timestamp": "2026-06-20T07:56:04.000000Z"}, {"uuid": "34112b70-b39c-4e76-a475-1b67f73aed44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mopyky735p2g", "content": "WordPress\u30d7\u30e9\u30b0\u30a4\u30f3Gravity SMTP\u306e\u8106\u5f31\u6027\uff08CVE-2026-4020\uff09\u304c\u60aa\u7528\u3055\u308c\u3001API\u30ad\u30fc\u306a\u3069\u306e\u6a5f\u5bc6\u60c5\u5831\u304c\u6f0f\u6d29\u3059\u308b\u6050\u308c\u304c\u3042\u308b\u3002", "creation_timestamp": "2026-06-20T13:46:12.960667Z"}, {"uuid": "e63d90c4-73ac-4f42-ba00-3910ffa57718", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3moqarsv3cy2g", "content": "WordPress\u30d7\u30e9\u30b0\u30a4\u30f3\u300cGravity SMTP\u300d\u306b\u60c5\u5831\u6f0f\u6d29\u306e\u8106\u5f31\u6027(CVE-2026-4020)\u304c\u3042\u308a\u3001API\u30ad\u30fc\u306a\u3069\u306e\u6a5f\u5bc6\u60c5\u5831\u304c\u7a83\u53d6\u3055\u308c\u308b\u6050\u308c\u304c\u3042\u308a\u307e\u3059\u3002", "creation_timestamp": "2026-06-20T16:13:12.391075Z"}, {"uuid": "33eb24c3-05fe-4eb3-a086-8ae8665d352e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/suriq.io/post/3moqd2hn7lb2a", "content": "A 'medium' CVSS told you to skip this one.\n\nIt is dumping live Amazon SES and OAuth keys to anyone who asks, on 100,000 WordPress sites.\n\nPatching does not take the leaked keys back. Rotate them. (CVE-2026-4020)", "creation_timestamp": "2026-06-20T16:53:50.373798Z"}, {"uuid": "a148d051-c343-4b53-8256-05da3671f23f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3moqmnb5soe2u", "content": "Hackers are exploiting CVE-2026-4020 in Gravity SMTP, a WordPress plugin on 100,000 sites, to expose API keys, secrets, and OAuth tokens via a REST endpoint. #GravitySMTP #CVE20264020 #Wordfence", "creation_timestamp": "2026-06-20T19:45:52.553522Z"}, {"uuid": "0795ddfa-66db-4cd6-aa4a-8c0f97c07f67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-4020", "type": "seen", "source": "https://mastodon.social/ap/users/115426718704364579/statuses/116784587739948914", "content": "\ud83d\udcf0 Hackers Actively Exploit Gravity SMTP Flaw (CVE-2026-4020) to Steal API Keys from 100K WordPress Sites\n\ud83d\udce2 ATTENTION WordPress Admins: A flaw in the Gravity SMTP plugin (CVE-2026-4020) is being mass-exploited to steal API keys. 100K sites at risk. Update to v2.1.5 & rotate all email service credentials NOW! #WordPress #Vulnerability #CyberSecurity\n\ud83c\udf10 cyber[.]netsecops[.]io\n\ud83d\udd17 https://cyber.netsecops.io/articles/gravity-smtp-wordpress-plugin-flaw-cve-2026-4020-activel\u2026", "creation_timestamp": "2026-06-20T21:36:37.283802Z"}, {"uuid": "b7c6df63-e973-4023-a9ee-9dcf46366b3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/netsecio.bsky.social/post/3moqsuuhr352e", "content": "\ud83d\udce2 ATTENTION WordPress Admins: A flaw in the Gravity SMTP plugin (CVE-2026-4020) is being mass-exploited to steal API keys. 100K sites at risk. Update to v2.1.5 & rotate all email service credentials NOW! #WordPress #Vulnerability #CyberSecurity\n\n\ud83c\udf10 cyber[.]netsecops[.]io", "creation_timestamp": "2026-06-20T21:37:02.286766Z"}, {"uuid": "05ada68b-379c-4fe9-8121-65d3f6d023f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://infosec.exchange/users/tomcat/statuses/116785138273435767", "content": "A Gravity SMTP WordPress plugin flaw is already being exploited.\nCVE-2026-4020 can expose API keys, OAuth tokens, and system data through an unauthenticated REST API endpoint.\nWordfence says it has blocked 17M+ exploit attempts.\nRead the full story: https://thehackernews.com/2026/06/hackers-exploit-gravity-smtp-wordpress.html", "creation_timestamp": "2026-06-20T23:56:30.867097Z"}, {"uuid": "cc89c12f-7d91-4a43-9f42-52de5c2e0d44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mordczgryp2n", "content": "Top 3 CVE for last 7 days:\nCVE-2026-50656: 27 interactions\nCVE-2026-54420: 27 interactions\nCVE-2026-20262: 22 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-9082: 12 interactions\nCVE-2026-11551: 5 interactions\nCVE-2026-4020: 4 interactions\n", "creation_timestamp": "2026-06-21T02:33:27.721018Z"}, {"uuid": "9db6d681-4c7c-4037-9c58-02ff4d209725", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/newssecia.bsky.social/post/3mos42sedb32w", "content": "\ud83e\udd16 CVE-2026-4020 (CVSS 5.3): Active exploitation of Gravity SMTP WordPress plugin (~100k sites). Unauthenticated attackers extract API keys, secrets & OAuth tokens. Patch available.\nhttps://thehackernews.com/2026/06/hackers-exploit-gravity-smtp-wordpress.html", "creation_timestamp": "2026-06-21T09:54:04.612803Z"}, {"uuid": "a9ca767b-da80-40c9-b173-d8cd8d494bb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3moses5jsnc2h", "content": "Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys\n\nThreat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites.\n\nThe vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), i\u2026\n#hackernews #news", "creation_timestamp": "2026-06-21T12:30:17.939459Z"}, {"uuid": "bcddf82f-f69a-4b8e-8980-d12d2005b01d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/guardian360.bsky.social/post/3moui5bnqnw2c", "content": "The vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), is a medium-severity information disclosure flaw that can allow unauthenticated attackers to extract sensitive data, such as configuration data, API keys, secrets, and OAuth tokens configured for the plugin's email", "creation_timestamp": "2026-06-22T08:35:31.869136Z"}, {"uuid": "64c72cea-5657-43e9-9714-34f637c94743", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mouwwwtnvt2o", "content": "Attackers are exploiting CVE-2026-4020 in Gravity SMTP before 2.1.5 to pull system reports from WordPress sites, exposing server details, config data, API keys, tokens, and email credentials. #GravitySMTP #CVE2026-4020 #WordPress", "creation_timestamp": "2026-06-22T13:00:25.492116Z"}, {"uuid": "7ac62e65-1d20-41f2-be70-a10d0dfb6833", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/kaldata.bsky.social/post/3movguhrua32o", "content": "\u0425\u0430\u043a\u0435\u0440\u0438 \u0430\u0442\u0430\u043a\u0443\u0432\u0430\u0442 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u0435\u043d WP \u043f\u043b\u044a\u0433\u0438\u043d \u0441 \u043d\u0430\u0434 100 000 \u0430\u043a\u0442\u0438\u0432\u043d\u0438\u00a0\u0438\u043d\u0441\u0442\u0430\u043b\u0430\u0446\u0438\u0438\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f\u0442\u0430 \u0437\u0430 \u043a\u0438\u0431\u0435\u0440\u0441\u0438\u0433\u0443\u0440\u043d\u043e\u0441\u0442 Defiant \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0432\u0430, \u0447\u0435 \u0445\u0430\u043a\u0435\u0440\u0438 \u0430\u0442\u0430\u043a\u0443\u0432\u0430\u0442 \u043c\u0430\u0441\u043e\u0432\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442 \u0432 WordPress \u043f\u043b\u044a\u0433\u0438\u043d. \u0421\u0442\u0430\u0432\u0430 \u0434\u0443\u043c\u0430 \u0437\u0430 Gravity SMTP, \u0440\u0430\u0437\u0448\u0438\u0440\u0435\u043d\u0438\u0435 \u0441 \u043d\u0430\u0434 100 000 \u0430\u043a\u0442\u0438\u0432\u043d\u0438 \u0438\u043d\u0441\u0442\u0430\u043b\u0430\u0446\u0438\u0438. \u0415\u043a\u0441\u043f\u043b\u043e\u0430\u0442\u0438\u0440\u0430\u043d\u0435\u0442\u043e \u043d\u0430 CVE-2026-4020 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0432\u0430\u2026", "creation_timestamp": "2026-06-22T17:45:23.531029Z"}, {"uuid": "8219d372-9073-4589-bb83-4cabf764016f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mowe7iydwb2a", "content": "Top 3 CVE for last 7 days:\nCVE-2026-50656: 28 interactions\nCVE-2026-20262: 23 interactions\nCVE-2026-54420: 23 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-4020: 5 interactions\nCVE-2026-6645: 5 interactions\nCVE-2025-66336: 4 interactions\n", "creation_timestamp": "2026-06-23T02:30:32.102967Z"}, {"uuid": "c3c769e6-1969-44e2-a762-b0426426fda7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/securitylab-jp.bsky.social/post/3mowlgicqoc2j", "content": "WordPress\u30d7\u30e9\u30b0\u30a4\u30f3\u300cGravity SMTP\u300d\u306e\u8106\u5f31\u6027\u304c\u30b5\u30a4\u30d0\u30fc\u653b\u6483\u306b\u60aa\u7528\u4e2d(CVE-2026-4020)\n\nrocket-boys.co.jp/security-mea...\n\n#\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u7b56Lab #security #securitynews #cyberattack #incident", "creation_timestamp": "2026-06-23T04:39:45.738099Z"}, {"uuid": "e19d187d-efb9-4de1-b61f-49b3b68e8b9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/securityonline.bsky.social/post/3mowouslqki2v", "content": "Gravity SMTP Vulnerability Exploited to Steal WordPress API\u00a0Keys\n\nSometimes a leak starts not with a hacked admin panel, but with an open service request. Attackers are using exactly that method against WordPress sites that run the Gravity SMTP plugin. The vulnerability, tracked as CVE-2026-4020,\u2026", "creation_timestamp": "2026-06-23T05:41:24.499481Z"}, {"uuid": "468b7e66-23fb-43e2-b7fc-c402a5174ef1", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/1d0f87f0-35b7-498e-8c08-7868fef52eff", "content": "", "creation_timestamp": "2026-06-23T14:02:56.123734Z"}, {"uuid": "7a723a6f-4fe7-4f89-80e0-333712c2e709", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/eatransform.bsky.social/post/3moyjs3qjdd2l", "content": "Gravity SMTP\u30d7\u30e9\u30b0\u30a4\u30f3\u306e\u8106\u5f31\u6027\u304c\u60aa\u7528\u4e2d\u30fb\u30e1\u30fc\u30ebAPI\u30ad\u30fc\u304c\u6f0f\u6d29\uff5c10\u4e07\u30b5\u30a4\u30c8\u304c\u5bfe\u8c61\u3001\u4eca\u3059\u3050\u3084\u308b\u3079\u304d\u5bfe\u7b56\u3010CVE-2026-4020\u3011", "creation_timestamp": "2026-06-23T23:15:43.602774Z"}, {"uuid": "e2358f81-059a-420a-a6cc-cedf558fd8e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40209", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp4lhwakny2f", "content": "CVE-2026-40209 - Denial of service via IXFR queries\nCVE ID : CVE-2026-40209\n \n Published : June 25, 2026, 12:23 p.m. | 1\u00a0hour, 21\u00a0minutes ago\n \n Description : An attacker might be able to cause outgoing TCP connections to backend to be stuck until a timeout occurs instead of b...", "creation_timestamp": "2026-06-25T13:56:28.244819Z"}, {"uuid": "79137f81-8e0f-4ea0-9137-42ff36efd245", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40208", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp4mlqjugw2r", "content": "CVE-2026-40208 - Denial of service via DoH3 queries\nCVE ID : CVE-2026-40208\n \n Published : June 25, 2026, 12:22 p.m. | 1\u00a0hour, 22\u00a0minutes ago\n \n Description : An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA fra...", "creation_timestamp": "2026-06-25T14:17:03.244828Z"}]}