Gravity SMTP Plugin Zero-Day: Unauthenticated Attackers Expose WordPress API Keys (CVE-2026-4020)
Threat actors exploit Gravity SMTP WordPress plugin (CVE-2026-4020) to extract API keys, secrets, and OAuth tokens from 100,000 sites.
wordpress-security
Supply Chain Breach: OptinMonster & Sister Plugins Implant Backdoors on 1.2M WordPress Sites
Critical supply chain attack compromises popular WordPress plugins, deploying stealthy backdoors on 1.2 million sites.
Critical Everest Forms Pro RCE Flaw: Unpacking the WordPress Admin Hijack
Deep dive into Everest Forms Pro RCE vulnerability, enabling remote code execution and rogue WordPress admin accounts.