Advertisement
Top

Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites

April 26, 2024

Via: The Hacker News
Category:

Threat actors are attempting to actively exploit a critical security flaw in the WP‑Automatic plugin for WordPress that could allow site takeovers.

The shortcoming, tracked as CVE-2024-27956, carries a CVSS score of 9.9 out of a maximum of 10. It impacts all versions of the plugin prior to 3.9.2.0.

“This vulnerability, a SQL injection (SQLi) flaw, poses a severe threat as attackers can exploit it to gain unauthorized access to websites, create admin‑level user accounts, upload malicious files, and potentially take full control of affected sites,” WPScan said in an alert this week.

Read More on The Hacker News

RELATED PUBLICATIONS

Hackers Target Middle East Governments with Evasive “CR4T” Backdoor
China-linked Hackers Deploy New ‘UNAPIMON’ Malware for Stealthy Operations
New Wi-Fi Vulnerabilities Expose Android and Linux Devices to Hackers

Latest Publications

New ‘Cuckoo’ Persistent macOS Spyware Targeting Intel and Arm Macs
Build Scalable Data Pipelines: Proven Best Practices for Snowflake
New Guide Explains How to Eliminate the Risk of Shadow SaaS and Protect Corporate Data
4 billion Android users who downloaded apps flagged by Microsoft need to take some actions to stay safe
Windows 11 market share declines as users seemingly shift back to Windows 10
Technology Curated Copyright © 2024. All rights reserved