CVE-2026-4020

Coverage of CVE-2026-4020, the Gravity SMTP sensitive information exposure vulnerability.

How-to
Security
WordPress

Gravity SMTP Exploit Puts WordPress Mail API Keys at Risk

Attackers are actively exploiting CVE-2026-4020 in the Gravity SMTP WordPress plugin, a flaw that can expose mail-service API keys, OAuth tokens, plugin versions, and server details. Site owners should update to Gravity SMTP 2.1.5 or later, check logs, and rotate affected email credentials.

Zero-Day
XREAL
xAI
x402
WWDC 2026
WWDC 2021
WWDC
World Cup 2026
Work IQ
WordPress Security

June 20, 2026