Hackers are mass-exploiting a Gravity SMTP flaw to steal API keys from 100,000 WordPress sites
Attackers are actively exploiting a vulnerability in the Gravity SMTP WordPress plugin that exposes API keys, OAuth tokens, and detailed system configuration data to anyone