ByteBrief

Best read upright.

We're a portrait publication through and through. Turn your phone back and your briefing picks up right where you left it.

(We tried widescreen once. It wasn't us.)

ByteBrief

Developing2 outlets · over 2 days

Gravity SMTP flaw exposes API keys on 100K sites

A vulnerability in the Gravity SMTP WordPress plugin, tracked as CVE-2026-4020, leaks API keys, OAuth tokens, and system data via an unauthenticated REST API endpoint. Wordfence has blocked over 17 million exploit attempts since early May 2026. The plugin is installed on roughly 100,000 sites.

Read the full brief

The story so far2 updates, latest first.

Latest
Gravity SMTP Plugin Flaw Exploited for Data Theft
SSecurityWeek·5 days ago
Gravity SMTP flaw leaks API keys from 100K WordPress sites
TThe Next Web·7 days ago

Tracked by ByteBrief