Hackers are mass-exploiting a Gravity SMTP flaw to steal API keys from 100,000 WordPress sites

Attackers are actively exploiting a vulnerability in the Gravity SMTP WordPress plugin that exposes API keys, OAuth tokens, and detailed system configuration data to anyone who sends a single unauthenticated HTTP request.