Millions of WP Sites at Risk: Urgent Update Needed to Thwart Hackers
April 25, 2024
A critical vulnerability identified as CVE-2024-27956 in the WP Automatic plugin for WordPress enables hackers to create admin accounts and plant backdoors.
The vulnerability has a high severity score of 9.9 out of 10 and impacts WP Automatic versions prior to 3.9.2.0.
Since the vulnerability was reported by Patchstack, there have been over 5.5 million attacks attempting to exploit it.
Attackers are inserting backdoors and obfuscating code on compromised websites to secure long-term access.
Website administrators should urgently update to WP Automatic version 3.92.1 or higher and regularly back up their sites to mitigate the risk.
Monitoring for new admin accounts and unfamiliar files can help detect if a website has been compromised due to this vulnerability.
Source

BleepingComputer • Apr 25, 2024
WP Automatic WordPress plugin hit by millions of SQL injection attacks