WP Automatic WordPress Plugin: A Target of Devastating SQL Injection Attacks, here is what we know, A Quick Look.

HFS Servers

WP Automatic WordPress Plugin: A Target of Devastating SQL Injection Attacks, here is what we know, A Quick Look.

In recent news, the WP Automatic plugin for WordPress has been hit by millions of SQL injection attacks. This article aims to provide an informative overview of the situation, using the information and facts available at the time of writing.

The Vulnerability

The WP Automatic plugin, currently installed on more than 30,000 websites, allows administrators to automate content importing from various online sources and publishing on their WordPress site. However, a critical severity vulnerability has been identified in this plugin.

The vulnerability, known as CVE-2024-27956, received a severity score of 9.9/10. It was publicly disclosed by researchers at PatchStack, a vulnerability mitigation service, on March 13. The issue lies in the plugin’s user authentication mechanism, which can be bypassed to submit SQL queries to the site’s database.

The Impact of WordPress Vulnerability

Hackers have started to exploit this vulnerability to create user accounts with administrative privileges and to plant backdoors for long-term access. Over 5.5 million attack attempts have been observed since the disclosure of the security issue.

Once a WordPress site is compromised, attackers ensure their access longevity by creating backdoors and obfuscating the code. To prevent other hackers from compromising the website by exploiting the same issue and to avoid detection, the hackers also rename the vulnerable file “csv.php”.

Mitigation Measures

To mitigate the risk of being breached, researchers recommend WordPress site administrators to update the WP Automatic plugin to version 3.92.1 or later. WPScan also recommends that website owners frequently create backups of their site so they can install clean copies quickly in case of a compromise.

Indicators of Compromise of WordPress

Administrators can check for signs that hackers took over the website by looking for the presence of an admin account starting with “xtw” and files named web.php and index.php, which are the backdoors planted in the recent campaign.

In conclusion, the WP Automatic WordPress plugin has been targeted by millions of SQL injection attacks. It’s crucial for administrators to update their plugins and maintain regular backups to mitigate the risk of such attacks. Stay safe and keep your websites secure!


You think you have a story worth everyone’s time? SUBMIT A STORY and we will publish it.

Share this content:

Post Comment