What happened Threat actors are actively exploiting an unauthenticated information disclosure vulnerability in the Gravity SMTP WordPress plugin, which is installed on more than 100,000 WordPress ...

Hackers are exploiting a vulnerability in the Gravity SMTP WordPress plugin to extract configuration data, including API keys ...

Wordfence has blocked 17M+ exploit attempts targeting a Gravity SMTP bug that leaks API keys, OAuth tokens, and full system reports without authentication.

Gravity SMTP WordPress vulnerability CVE-2026-4020 has drawn 17 million automated exploit attempts since May 2026, draining ...

Attackers are exploiting CVE-2026-4020 in Gravity SMTP to leak API keys, OAuth tokens, and system data from WordPress sites.

Three popular plugins served malicious JavaScript through a compromised CDN.

Thousands of sites running WordPress remain unpatched against a critical security flaw in a widely used plugin that was being actively exploited in attacks that allow for unauthenticated execution of ...

Websites using a vulnerable version of the WordPress plugin, ThemeGrill Demo Importer, are being targeted by attackers. Researchers are urging users of a vulnerable WordPress plugin, ThemeGrill Demo ...

Hackers are assailing websites using a prominent WordPress plugin with millions of attempts to exploit a high-severity vulnerability that allows complete takeover, researchers said. The vulnerability ...

The WooCommerce Square plugin enables WordPress sites to accept payments through the Square POS, as well as synchronize product inventory data between Square and WooCommerce. Square plugin enables a ...

A stored XSS and arbitrary file-upload bug can be paired with an authorization bypass to wreak havoc. Vulnerabilities in the Brizy Page Builder plugin for WordPress sites could be chained together to ...