A critical SQL injection vulnerability (CVE-2024-27956) in the WP-Automatic plugin is being actively exploited. With a max severity of 9.9/10, this bug enables site takeovers and malicious activities.


affecting WP Automatic versions before 3.92.0


The issus is in the plugin’s user authentication mechanism, which can be bypassed to submit SQL queries to the site’s database. Hackers can use specially crafted queries to create administrator accounts on the target website.


✅ It is recommended WordPress site administrators to update the WP Automatic plugin to version 3.92.1 or later.


Stay Safe.


Monday, April 29, 2024

« Back