A critical security vulnerability has been fixed in a WordPress plugin
A security vulnerability (CVE-2026-4020) has been discovered in the widely used Gravity SMTP plugin for WordPress. This vulnerability affects versions 2.1.4 and earlier. An attacker could exploit these vulnerability to trigger security restriction bypass, spoofing and denial of service condition on the targeted system.
Administrators are advised to update the Gravity SMTP plugin to version 2.1.5 as soon as possible.
Source: wordfence.com
26 June 2026