Hackers attempt to hijack a major WordPress plugin that could allow for site takeovers


A critical vulnerability found in the widely used WordPress plugin, WP-Automatic, has been actively exploited by hackers, posing a significant threat to website security, according to researchers.

Discovered by the WordPress security firm Patchstack in mid-March 2024, the vulnerability is an SQL injection (SQLi) flaw in the WP-Automatic plugin. WP-Automatic automates importing and publishing content from a range of sources, including RSS feeds, websites and YouTube channels.

The flaw lets attackers gain unauthorized access to a site, create administrator-level user accounts, upload malicious files, and potentially take full control of the affected site. Attackers have already used it to create new administrator accounts, which they then use for follow-on activity such as installing malicious add-ons and exfiltrating sensitive data.


Rated as critical with a severity score of 9.9, the vulnerability is tracked as CVE-2024-27956. All versions of WP-Automatic up to 3.9.2.0 are vulnerable to exploitation. More than five million exploitation attempts have been recorded so far.

After compromising a WordPress site, attackers establish persistent access by creating backdoors and obfuscating the code. They may also rename the vulnerable WP-Automatic file to evade detection and maintain access, making it challenging for website owners or security tools to identify or block the issue.
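As an added example (not code from the article, from Patchstack, or from the WP-Automatic project), the following Python script shows two checks a site owner can run after a report like this one: comparing the administrator accounts in a wp_users/wp_usermeta export against a known-good baseline to surface unexpected administrators, and diffing a hash listing of a plugin directory against a clean copy so that added, modified and renamed files stand out. The user export, the baseline admin list, the plugin path (example-plugin) and the file contents behind the hashes are all constructed placeholders.

```python
import hashlib

# Constructed export: wp_users rows joined with each user's wp_capabilities
# usermeta value (a PHP-serialized array naming the role). Not real site data.
WP_USERS = [
    {"ID": 1, "user_login": "siteowner", "user_registered": "2022-05-01 10:00:00",
     "wp_capabilities": 'a:1:{s:13:"administrator";b:1;}'},
    {"ID": 7, "user_login": "editor_jane", "user_registered": "2023-02-14 09:30:00",
     "wp_capabilities": 'a:1:{s:6:"editor";b:1;}'},
    {"ID": 42, "user_login": "xtw1838", "user_registered": "2024-04-25 03:12:41",
     "wp_capabilities": 'a:1:{s:13:"administrator";b:1;}'},
]

# Baseline of legitimate administrators, maintained by the site owner (assumed).
KNOWN_ADMINS = {"siteowner"}


def is_administrator(capabilities: str) -> bool:
    # The role name appears as a quoted string key inside the serialized
    # array, so a substring match on the quoted key is enough for this check.
    return '"administrator"' in capabilities


def unexpected_admins(users, known_admins):
    """Return administrator accounts that are not in the owner's baseline."""
    return [
        {"user_login": u["user_login"], "user_registered": u["user_registered"]}
        for u in users
        if is_administrator(u["wp_capabilities"]) and u["user_login"] not in known_admins
    ]


def sha256_of(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


# Hypothetical plugin directory (path names are placeholders, not the real
# plugin's files). Baseline hashes would normally come from a clean copy.
PLUGIN_DIR = "wp-content/plugins/example-plugin"
BASELINE_FILES = {
    f"{PLUGIN_DIR}/index.php": sha256_of(b"<?php // entry point (placeholder)"),
    f"{PLUGIN_DIR}/inc/helper.php": sha256_of(b"<?php // helper (placeholder)"),
}
# Constructed "current" listing: index.php edited, helper.php renamed, one new file.
CURRENT_FILES = {
    f"{PLUGIN_DIR}/index.php": sha256_of(b"<?php // entry point (placeholder) v2"),
    f"{PLUGIN_DIR}/inc/helper2.php": sha256_of(b"<?php // helper (placeholder)"),
    f"{PLUGIN_DIR}/inc/cache.php": sha256_of(b"<?php // unknown file (placeholder)"),
}


def file_drift(baseline, current):
    """Compare two {path: sha256} maps.

    A renamed file shows up as one removed path and one added path sharing
    the same hash, so those pairs are reported separately from true
    additions and removals.
    """
    added = set(current) - set(baseline)
    removed = set(baseline) - set(current)
    modified = sorted(p for p in set(baseline) & set(current) if baseline[p] != current[p])

    removed_by_hash = {}
    for p in sorted(removed):
        removed_by_hash.setdefault(baseline[p], []).append(p)
    renamed = []
    for p in sorted(added):
        candidates = removed_by_hash.get(current[p])
        if candidates:
            renamed.append((candidates.pop(0), p))
    renamed_old = {old for old, _ in renamed}
    renamed_new = {new for _, new in renamed}
    return {
        "added": sorted(added - renamed_new),
        "removed": sorted(removed - renamed_old),
        "modified": modified,
        "renamed": renamed,
    }


def incident_report(users=WP_USERS, known_admins=KNOWN_ADMINS,
                    baseline=BASELINE_FILES, current=CURRENT_FILES):
    """Combine both checks into one structure suitable for logging or JSON output."""
    return {"unexpected_admins": unexpected_admins(users, known_admins),
            "plugin_drift": file_drift(baseline, current)}


if __name__ == "__main__":
    import json
    print(json.dumps(incident_report(), indent=2))
```

On a real site the constants would be replaced by a database export and a hash walk of the plugin directory; the rename detection is what makes a moved plugin file visible even when its contents are untouched, which a plain added/removed listing would report as two unrelated events.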