Attackers are actively exploiting a vulnerability in the Gravity SMTP WordPress plugin that exposes API keys, OAuth tokens, and detailed system configuration data to anyone who sends a single unauthenticated HTTP request. Wordfence, the WordPress security firm owned by Defiant, says it has blocked more than 17 million exploit attempts targeting the flaw since activity […]
This story continues at The Next Web
