Active Targeting of WP-Automatic Plugin Flaw Raises Concerns for Site Takeover
Active Targeting of WP-Automatic Plugin Flaw Raises Concerns for Site Takeover
Summary:
The critical SQL Injection vulnerability (CVE-2024-27956) in the WP-Automatic plugin for WordPress poses a serious risk. Attackers could exploit this flaw to gain unauthorized access to websites, create admin accounts, upload malicious files, and potentially take complete control. Since the disclosure of the flaw, there have been over 5.5 million exploitation attempts detected.
Threat Level – Red | Vulnerability Report
To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.