Active exploits hit Gravity SMTP (CVE-2026-4020); Avada Builder critical bug patched (CVE-2026-8713)

Originally published at: Active exploits hit Gravity SMTP (CVE-2026-4020); Avada Builder critical bug patched (CVE-2026-8713) - ToolsLib Blog

Active exploitation hits Gravity SMTP (CVE-2026-4020) while Avada Builder’s critical file deletion bug (CVE-2026-8713) is patched. Update now, check logs for the Gravity SMTP REST endpoint, and consult Wordfence’s indicators for targeted IPs.