Attackers are exploiting CVE-2026-4020 in Gravity SMTP to leak API keys, OAuth tokens, and system data from WordPress sites.

A vulnerability in the popular Ultimate Member WordPress plugin enables account takeover by exposing password reset links.

A recent attack compromised over 30 WordPress plugins through a backdoor acquired by purchasing the original developers. This ...

Tampered JavaScript in three Awesome Motive plugins exposed WordPress sites to rogue admin accounts and hidden backdoors.

Three popular plugins served malicious JavaScript through a compromised CDN.

Gravity SMTP WordPress vulnerability CVE-2026-4020 has drawn 17 million automated exploit attempts since May 2026, draining ...

Hackers are exploiting a vulnerability in the Gravity SMTP WordPress plugin to extract configuration data, including API keys ...

What happened Threat actors are actively exploiting an unauthenticated information disclosure vulnerability in the Gravity SMTP WordPress plugin, which is installed on more than 100,000 WordPress ...

WordPress plugins are helpful. But they can also slow a site down, invite hackers and even cause a Google penalty. These are my top five considerations when choosing a WordPress plugin. The plugin is ...

Wordfence has blocked 17M+ exploit attempts targeting a Gravity SMTP bug that leaks API keys, OAuth tokens, and full system reports without authentication.

Editorial Note: Forbes Advisor may earn a commission on sales made from partner links on this page, but that doesn't affect our editors' opinions or evaluations. In 2024, WordPress is one of the most ...