WP Automatic WordPress plugin hit by millions of SQL injection attacks
2024-04-25 14:27

Hackers have started to target a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative privileges and to plant backdoors for long-term access.

Currently installed on more than 30,000 websites, WP Automatic lets administrators automate content importing from various online sources and publishing on their WordPress site.

The exploited vulnerability is identified as CVE-2024-27956 and received a severity score of 9.9/10. It was disclosed publicly by researchers at the PatchStack vulnerability mitigation service on March 13 and described as an SQL injection issue that affects WP Automatic versions before 3.9.2.0.

To mitigate the risk of being breached, researchers recommend that WordPress site administrators update the WP Automatic plugin to version 3.92.1 or later.


News URL

https://www.bleepingcomputer.com/news/security/wp-automatic-wordpress-plugin-hit-by-millions-of-sql-injection-attacks/

Related vendor

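Vulnerability counts by severity (last 12M):

| VENDOR | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|
| Wordpress | 7 | 2 | 93 | 44 | 18 | 157 |
| Plugin | 2 | 0 | 13 | 1 | 0 | 14 |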