"WP Automatic WordPress Plugin Hit by Millions of SQL Injection Attacks"

According to security researchers at PatchStack, hackers have started to target a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative privileges and to plant backdoors for long-term access. Currently installed on more than 30,000 websites, WP Automatic lets administrators automate importing content (e.g. text, images, video) from various online sources and publishing it on their WordPress site. The exploited vulnerability is identified as CVE-2024-27956 and received a severity score of 9.9/10. The researchers disclosed the vulnerability publicly on March 13 and described it as an SQL injection issue affecting WP Automatic versions before 3.9.2.0. The researchers noted that the issue is in the plugin's user authentication mechanism, which can be bypassed to submit SQL queries to the site's database. Hackers can use specially crafted queries to create administrator accounts on the target website. Since the researchers disclosed the security issue, Automattic's WPScan has observed more than 5.5 million attacks trying to leverage the vulnerability, most of them recorded on March 31. WPScan reports that after obtaining admin access to the target website, attackers create backdoors and obfuscate the code to make it more difficult to find. To mitigate the risk of being breached, the researchers recommend that WordPress site administrators update the WP Automatic plugin to version 3.92.1 or later.

BleepingComputer reports: "WP Automatic WordPress Plugin Hit by Millions of SQL Injection Attacks"

Submitted by Adam Ekwall on