WordPress

WordPress platform coverage, including plugins, themes, CMS security, site administration, publishing tools, and practical guidance for website owners and developers.

Zero-Day
XREAL
xAI
x402
WWDC 2026
WWDC 2021
WWDC
World Cup 2026
Work IQ
WordPress Security

How-to
Security
WordPress

Gravity SMTP Exploit Puts WordPress Mail API Keys at Risk

Attackers are actively exploiting CVE-2026-4020 in the Gravity SMTP WordPress plugin, a flaw that can expose mail-service API keys, OAuth tokens, plugin versions, and server details. Site owners should update to Gravity SMTP 2.1.5 or later, check logs, and rotate affected email credentials.

June 20, 2026