Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites

2024-04-26 05:49

Threat actors are attempting to actively exploit a critical security flaw in the WP‑Automatic plugin for WordPress that could allow site takeovers. The shortcoming, tracked as CVE-2024-27956, carries a CVSS score of 9.9 out of a maximum of 10. It impacts all versions of the plugin prior to 3.9.2.0. "This vulnerability, a SQL injection (SQLi) flaw, poses a severe threat as

News URL

https://thehackernews.com/2024/04/hackers-exploiting-wp-automatic-plugin.html

#hacker #wordpress #CVE-2024-27956

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2024-03-21	CVE-2024-27956	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection.This issue affects Automatic: from n/a through 3.92.0. CWE-89	0.0

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Wordpress		49	36	409	104	29	578
Plugin		2	0	13	0	0	13

News URL

Related news

Related Vulnerability

Related vendor