
WP Automatic Flaw Triggers Millions of SQL Injection Attacks on WordPress Sites


WordPress sites using the WP Automatic plugin are currently facing a severe security threat. This plugin, which helps administrators import and publish content from various online sources automatically, is installed on over 30,000 websites. 

A recent discovery has shown that hackers are exploiting a high-risk vulnerability in the plugin to gain unauthorized administrative access and plant backdoors for sustained control. Find out everything you need to know about it below.

What is the Flaw?

The vulnerability lies in WP Automatic’s user authentication process, which can be manipulated to execute SQL commands directly on the website’s database. This allows attackers to create their own admin accounts on the affected sites. Identified as CVE-2024-27956, the flaw has been given a critical severity rating of 9.9 out of 10. 

It was first reported by Patchstack, a vulnerability mitigation service, on March 13 and affects versions of WP Automatic prior to 3.9.2.0. Following the disclosure, more than 5.5 million attempts to exploit this weakness were recorded on March 31 alone, according to Automattic’s WPScan.

How Hackers Maintain Access

Upon gaining admin access, the attackers install backdoors and obfuscate the code so that their activity stays hidden. They then take several steps to secure their foothold within the compromised sites.

They often rename the vulnerable file, typically “csv.php”, to prevent other malicious actors from exploiting the same flaw or to dodge detection. The attackers also install additional plugins that facilitate file uploads and code alterations, enhancing their control over the website.

Identifying and Addressing the Compromise

WPScan has outlined several indicators that can help administrators determine if their site has been compromised. These include the presence of an admin account starting with “xtw” and files named web.php and index.php, which serve as backdoors.

To safeguard against this threat, it is crucial for administrators to update the WP Automatic plugin to version 3.92.1 or newer. Additionally, regular backups of the website are recommended. This practice allows administrators to restore a clean version of the site quickly should it become compromised.
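
The indicators and the update target above can be combined into a quick triage pass over a site's files and its list of administrator logins. The script below is an added example, not code from WPScan or the plugin's authors; the plugin directory path, the function names and the sample site it builds are assumptions made for illustration.

```python
import os
import tempfile

FIXED_VERSION = (3, 92, 1)   # update target named in the article
ADMIN_PREFIX = "xtw"         # rogue admin login prefix reported by WPScan
PLUGIN_DIR = os.path.join("wp-content", "plugins", "wp-automatic")  # assumed path

def parse_version(text):
    """Turn '3.92.0' into (3, 92, 0) so versions compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))

def triage(site_root, admin_logins, plugin_version):
    """Return (severity, message) findings for one WordPress install."""
    findings = []
    if parse_version(plugin_version) < FIXED_VERSION:
        findings.append(("high", f"WP Automatic {plugin_version} is older than 3.92.1"))
    for login in admin_logins:
        if login.lower().startswith(ADMIN_PREFIX):
            findings.append(("high", f"admin login '{login}' starts with xtw"))
    for folder, _dirs, files in os.walk(site_root):
        for name in files:
            rel = os.path.relpath(os.path.join(folder, name), site_root)
            if name == "web.php":
                findings.append(("high", f"file named web.php: {rel}"))
            elif name == "index.php":
                # Legitimate installs ship many index.php files, so a name
                # match only means: diff this file against a clean copy.
                findings.append(("review", f"verify against a clean copy: {rel}"))
    plugin_path = os.path.join(site_root, PLUGIN_DIR)
    has_csv = any("csv.php" in files for _f, _d, files in os.walk(plugin_path))
    if os.path.isdir(plugin_path) and not has_csv:
        findings.append(("review", "plugin present but csv.php missing (renamed?)"))
    return findings

def build_sample_site():
    """Create a constructed sample tree in a temp directory and return its root."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, PLUGIN_DIR))
    for rel in ("index.php", "web.php", os.path.join(PLUGIN_DIR, "csv_renamed.php")):
        open(os.path.join(root, rel), "w").close()
    return root

if __name__ == "__main__":
    logins = ["editor_admin", "xtw_example"]   # constructed sample logins
    for severity, message in triage(build_sample_site(), logins, "3.92.0"):
        print(f"[{severity}] {message}")
```

The administrator logins passed in are expected to come from the site's own user list, for example an export of accounts with the administrator role.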

Final Word

By staying vigilant and implementing the security measures recommended above, WordPress admins can protect their sites from potential threats posed by this serious vulnerability.

Author: Anas Hasan

Date: April 26, 2024


Anas Hassan is a tech geek and cybersecurity enthusiast. He has vast experience in the digital transformation industry. When Anas isn’t blogging, he watches football games.
