TL;DR
Wordfence blocked 17M+ attempts to exploit a Gravity SMTP bug that leaks API keys and system data from WordPress sites without authentication.
CVE-2026-4020 exposes a REST API endpoint with no authentication check, returning 365 KB of JSON containing email service credentials, database details, and the full software stack to anyone who asks
Wordfence blocked 17M+ attempts to exploit a Gravit...
