A critical vulnerability identified as CVE-2024-27956 in the WP Automatic plugin for WordPress enables hackers to create admin accounts and plant backdoors.

The vulnerability has a high severity score of 9.9 out of 10 and impacts WP Automatic versions prior to 3.9.2.0.

Since the vulnerability was reported by PatchStack, there have been over 5.5 million attacks attempting to exploit it.

Attackers are inserting backdoors and obfuscating code on compromised websites to secure long-term access.

Website administrators should urgently update to WP Automatic version 3.92.1 or higher and regularly back up their sites to mitigate the risk.

Monitoring for new admin accounts and unfamiliar files can help detect if a website has been compromised due to this vulnerability.