Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites

Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites


Threat actors are attempting to actively exploit a critical security flaw in the WP‑Automatic plugin for WordPress that could allow site takeovers.
The shortcoming, tracked as CVE-2024-27956, carries a CVSS score of 9.9 out of a maximum of 10. It impacts all versions of the plugin prior to 3.9.2.0.
“This vulnerability, a SQL injection (SQLi) flaw, poses a severe threat as

The post “Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites” appeared first on The Hacker News

Source:The Hacker News – [email protected] (The Hacker News)