Urgent Alert: Critical WordPress Plugin Flaw Exposed, Hackers Launch Attacks – Update Now!

April 27, 2024
Urgent Alert: Critical WordPress Plugin Flaw Exposed, Hackers Launch Attacks – Update Now!
Tech
Tech
Cybersecurity
Cybersecurity

  • A critical SQL injection vulnerability, identified as CVE-2024-27956, has been found in the WordPress Automatic plugin.

  • Hackers are actively exploiting this flaw to gain unauthorized site access, create admin accounts, upload malware, and potentially seize full site control.

  • ValvePress, the plugin's developer, released a security patch in version 3.92.1, but did not highlight the fix in the change log.

  • Security entities, Patchstack and WPScan, have observed over 5.5 million exploit attempts post-disclosure on March 13.

  • The vulnerability impacts over 38,000 customers and has a critical severity rating of 9.9, affecting versions up to 3.9.2.0.

  • WordPress site administrators are advised to update to the latest plugin version immediately to prevent exploitation.

Summary based on 5 sources

Get a daily email with more Tech stories

Sources

Hackers try to exploit WordPress vulnerability that’s as severe as it gets

Ars Technica • Apr 26, 2024

Hackers try to exploit WordPress vulnerability that’s as severe as it gets
Hackers attempt to hijack a major WordPress plugin that could allow for site takeovers

TechRadar pro • Apr 26, 2024

Hackers attempt to hijack a major WordPress plugin that could allow for site takeovers
Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites

The Hacker News • Apr 26, 2024

Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites
Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors

SecurityWeek • Apr 26, 2024

Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors

More Stories