Critical Flaw in WP Automatic WordPress Plugin Allows Admin Account Hijacking
A critical vulnerability in the WP Automatic plugin for WordPress has become a target for threat actors, allowing them to create user accounts with administrative privileges and implant backdoors for sustained access.
Installed on over 30,000 websites, WP Automatic enables administrators to automate content importing from various online sources, including text, images, and video, for publishing on their WordPress site.
Tracked as CVE-2024-27956, the vulnerability carries a severity score of 9.9/10. Disclosed on March 13 by researchers at the PatchStack vulnerability mitigation service, it is described as an SQL injection issue affecting WP Automatic versions prior to 3.9.2.0.
The vulnerability lies in the plugin’s user authentication mechanism, permitting attackers to bypass it and submit SQL queries to the site’s database. Crafted queries enable hackers to establish administrator accounts on the target website.
WPScan, from Automattic, has reported over 5.5 million attack attempts since PatchStack disclosed the issue, with the majority occurring on March 31st. Upon gaining admin access, attackers create backdoors and obfuscate code to evade detection.
“After compromising a WordPress site, attackers ensure continued access by creating backdoors and obfuscating code,” states WPScan’s report.
Threat actors rename the vulnerable file “csv.php” to deter other attackers and detection. Once control is established, they often install additional plugins for file uploads and code editing.
To identify potential compromises, administrators should watch for admin accounts whose names begin with “xtw” and for files named web.php and index.php, which were dropped as backdoors in the recent attacks.
To mitigate risk, researchers advise WordPress site administrators to update the WP Automatic plugin to version 3.92.1 or later. Additionally, regular backups can expedite recovery in case of compromise.
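The version threshold and the two indicators above can be checked with a short triage script. The following is an added example, not code from WPScan, PatchStack or the article; it assumes a user export in the JSON shape produced by `wp user list --fields=user_login,roles --format=json`, builds a constructed (fake) WordPress tree to scan, and treats `eval`/`base64_decode`/`gzinflate` inside an `index.php` as a backdoor heuristic, which is this example's assumption rather than a finding from the report.

```python
import json
import re
import tempfile
from pathlib import Path

# WP Automatic versions below 3.9.2.0 are affected by CVE-2024-27956
PATCHED_VERSION = (3, 9, 2, 0)
ROGUE_ADMIN_PREFIX = "xtw"              # account-name prefix seen in the attacks
BACKDOOR_FILENAMES = {"web.php", "index.php"}
# Heuristic (assumption): a stock WordPress index.php never calls these
SUSPICIOUS_CODE = re.compile(rb"\b(eval|base64_decode|gzinflate)\s*\(")

def version_tuple(version):
    return tuple(int(part) for part in version.split("."))

def plugin_vulnerable(version):
    """True if the installed WP Automatic version predates the fix."""
    return version_tuple(version) < PATCHED_VERSION

def rogue_admins(users_json):
    """Administrator logins starting with the reported 'xtw' prefix."""
    return sorted(
        u["user_login"] for u in json.loads(users_json)
        if "administrator" in u.get("roles", "").split(",")
        and u["user_login"].startswith(ROGUE_ADMIN_PREFIX)
    )

def backdoor_files(webroot):
    """web.php anywhere, or an index.php that contains suspicious code."""
    root, hits = Path(webroot), []
    for path in root.rglob("*.php"):
        if path.name not in BACKDOOR_FILENAMES:
            continue
        if path.name == "web.php" or SUSPICIOUS_CODE.search(path.read_bytes()):
            hits.append(path.relative_to(root).as_posix())
    return sorted(hits)

def demo():
    """Run all checks against a constructed (fake) site; returns findings."""
    users = json.dumps([{"user_login": "editor1", "roles": "editor"},
                        {"user_login": "xtw1a2b3c", "roles": "administrator"}])
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.php").write_text("<?php\n// Silence is golden.\n")
        uploads = root / "wp-content" / "uploads"; uploads.mkdir(parents=True)
        (uploads / "index.php").write_bytes(b'<?php eval(base64_decode("AAAA"));\n')
        plugin = root / "wp-content" / "plugins" / "wp-automatic"; plugin.mkdir(parents=True)
        (plugin / "web.php").write_text("<?php // constructed placeholder\n")
        return {"vulnerable": plugin_vulnerable("3.9.1.0"),
                "admins": rogue_admins(users), "files": backdoor_files(root)}
```

On a real site, point `backdoor_files` at the web root and feed `rogue_admins` the actual WP-CLI export; the stock top-level `index.php` is not flagged because it contains none of the suspicious calls.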
Source: bleepingcomputer.com