Urgent Alert: Critical WordPress Plugin Flaw Exposed, Hackers Launch Attacks – Update Now!
April 27, 2024![Urgent Alert: Critical WordPress Plugin Flaw Exposed, Hackers Launch Attacks – Update Now!](https://cdn.brief.news/images/stories/a28e9575e0a809c24735442e9e1badead4225cf35cd1d048d31c1183bbec1ab7b4df6a3cceab44e48a016be77aa0d0e7c2863faba9f37a885d1292685eb8dcbc.jpg)
A critical SQL injection vulnerability, identified as CVE-2024-27956, has been found in the WordPress Automatic plugin.
Hackers are actively exploiting this flaw to gain unauthorized site access, create admin accounts, upload malware, and potentially seize full site control.
ValvePress, the plugin's developer, released a security patch in version 3.92.1, but did not highlight the fix in the change log.
Security entities, Patchstack and WPScan, have observed over 5.5 million exploit attempts post-disclosure on March 13.
The vulnerability impacts over 38,000 customers and has a critical severity rating of 9.9, affecting versions up to 3.9.2.0.
WordPress site administrators are advised to update to the latest plugin version immediately to prevent exploitation.
Summary based on 5 sources
Get a daily email with more Tech stories
Sources
![Hackers try to exploit WordPress vulnerability that’s as severe as it gets](https://cdn.brief.news/images/links/a28e9575e0a809c24735442e9e1badead4225cf35cd1d048d31c1183bbec1ab7b4df6a3cceab44e48a016be77aa0d0e7c2863faba9f37a885d1292685eb8dcbc.jpg)
Ars Technica • Apr 26, 2024
Hackers try to exploit WordPress vulnerability that’s as severe as it gets![Hackers attempt to hijack a major WordPress plugin that could allow for site takeovers](https://cdn.brief.news/images/links/4ea6b2b01d59d25ebf650c9c00cff0094518925b33d89a1b41a384941aeb38a1bacdea9b7545d77ba61c3f5858cc2b2651c38e525bb680b3a8b4253e3717f617.jpg)
TechRadar pro • Apr 26, 2024
Hackers attempt to hijack a major WordPress plugin that could allow for site takeovers![Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites](https://cdn.brief.news/images/links/6969846d626b0930ec376d96ddb0431a10c57708aa210810bdc453844643c68ba508d48ca9e6f0b971b2f0edc391038bc67679594a98f5cd51a64359a0c6c55d.png)
The Hacker News • Apr 26, 2024
Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites![Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors](https://cdn.brief.news/images/links/3f27c42a87a77512ae5a8140109c9b4d6d5fca8931e391816219c87f0c9ad388dc6f11148032f3af31618ccb5232a26f87cfa4fe64d287ed0eb06a6a27198652.jpg)
SecurityWeek • Apr 26, 2024
Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors