CVE-2026-4020: Gravity SMTP WordPress Plugin – Sensitive Information Exposure
Introduction

A severe security crisis recently emerged within the WordPress ecosystem involving Gravity SMTP, a widely adopted plugin designed to streamline outbound email delivery. Tracked as CVE-2026-4020, this unauthenticated sensitive information exposure vulnerability has rapidly transitioned from a theoretical risk to an active, widespread threat vector. As attackers increasingly weaponize automation to scan the modern web, leading cybersecurity firms, including Wordfence, have documented