Urgent Alert: Critical WordPress Plugin Flaw Exposed, Hackers Launch Attacks – Update Now!

April 27, 2024
Urgent Alert: Critical WordPress Plugin Flaw Exposed, Hackers Launch Attacks – Update Now!
  • A critical SQL injection vulnerability, identified as CVE-2024-27956, has been found in the WordPress Automatic plugin.

  • Hackers are actively exploiting this flaw to gain unauthorized site access, create admin accounts, upload malware, and potentially seize full site control.

  • ValvePress, the plugin's developer, released a security patch in version 3.92.1, but did not highlight the fix in the change log.

  • Security entities, Patchstack and WPScan, have observed over 5.5 million exploit attempts post-disclosure on March 13.

  • The vulnerability impacts over 38,000 customers and has a critical severity rating of 9.9, affecting versions up to 3.9.2.0.

  • WordPress site administrators are advised to update to the latest plugin version immediately to prevent exploitation.

Summary based on 5 sources


Get a daily email with more Tech stories

Related Stories