Hackers are mass-exploiting a Gravity SMTP flaw to steal API keys from 100,000 WordPress sites (opens in new tab)

Attackers are actively exploiting a vulnerability in the Gravity SMTP WordPress plugin that exposes API keys, OAuth tokens, and detailed system configuration data to anyone who sends a single unauthenticated HTTP request. Wordfence, the WordPress security firm owned by Defiant, says it has blocked more than 17 million exploit attempts targeting the flaw since activity […] at The Next Web