A security flaw in the Gravity SMTP WordPress plugin has drawn more than 17 million automated exploit attempts since early May 2026 — and every site that ran an unpatched version while those attacks ...