Jessica Entwistle
June 22 2026
The Hacker News reports that a vulnerability in the Gravity SMTP WordPress plugin is being actively exploited. Identified as CVE-2026-4020, this flaw allows attackers to extract sensitive data such as API keys and OAuth tokens from affected sites. With over 100,000 installations, this vulnerability poses a significant risk to website security.
For UK businesses using WordPress, timely updates and patch management are critical. Vulnerabilities in widely used plugins can provide attackers with easy access to sensitive information, potentially leading to broader security breaches. Ensuring that all plugins are up to date is essential to maintaining website security.
UK organisations using WordPress should immediately ensure all plugins are updated to the latest versions. Regularly review and manage plugin security to prevent potential data breaches. This includes conducting security audits and monitoring for any signs of exploitation or unauthorised access.
Source: The Hacker News