April 26, 2024 at 02:42AM
Threat actors are actively exploiting a critical security flaw (CVE-2024-27956) in the WP-Automatic plugin for WordPress, posing a high risk. Exploitation can lead to unauthorized access, admin account creation, file uploads, and site control. Over 5.5M attack attempts have been detected, and vulnerabilities in other plugins have also been disclosed (e.g., CVE-2024-2876, CVE-2024-28890, CVE-2024-2417, CVE-2024-32514).
Summary:
– Threat actors are actively exploiting a critical security flaw in the WP-Automatic plugin for WordPress, tracked as CVE-2024-27956. It carries a CVSS score of 9.9 and impacts all versions of the plugin prior to 3.9.2.0.
– The vulnerability, a SQL injection (SQLi) flaw, allows attackers to gain unauthorized access to websites, create admin-level user accounts, upload malicious files, and potentially take full control of affected sites.
– Attackers are using this vulnerability to execute unauthorized database queries, create new admin accounts on susceptible WordPress sites, and install plugins for follow-on post-exploitation actions.
– Once a WordPress site is compromised, attackers ensure the longevity of their access by creating backdoors and obfuscating the code.
– The threat actors are attempting to prevent other attackers from exploiting the already compromised sites.
– Since its public disclosure by Patchstack on March 13, 2024, more than 5.5 million attack attempts have been detected in the wild.
– Severe bugs have also been disclosed in other plugins such as Email Subscribers, Forminator, and User Registration, which could be used to extract sensitive data and grant unauthorized privileges.
– Patchstack has also warned of an unpatched issue in the Poll Maker plugin that allows for remote code execution.
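A defender-side triage for the points above, added here as an example and not taken from the original report: it checks a site inventory for a WP-Automatic version below 3.9.2.0 and lists administrator accounts registered on or after the March 13, 2024 disclosure that are not on an allow-list. The plugin slug `wp-automatic`, the allow-list, and the sample records (shaped like `wp plugin list --format=json` and `wp user list --role=administrator --format=json` output) are assumptions constructed for illustration.

```python
import json
import re
from datetime import datetime

PLUGIN_SLUG = "wp-automatic"       # assumption: plugin directory slug
FIXED_VERSION = (3, 9, 2, 0)       # page: versions prior to 3.9.2.0 are affected
DISCLOSED = datetime(2024, 3, 13)  # page: public disclosure by Patchstack

# Constructed sample data, shaped like WP-CLI JSON output.
SAMPLE_PLUGINS = json.loads("""[
  {"name": "wp-automatic", "status": "active", "update": "available", "version": "3.9.0.0"},
  {"name": "example-plugin", "status": "active", "update": "none", "version": "1.0.0"}
]""")
SAMPLE_USERS = json.loads("""[
  {"ID": 1, "user_login": "admin", "user_registered": "2021-06-01 09:00:00", "roles": "administrator"},
  {"ID": 7, "user_login": "jane", "user_registered": "2024-04-02 14:30:10", "roles": "administrator"},
  {"ID": 9, "user_login": "svc_tmp_0419", "user_registered": "2024-04-19 03:12:44", "roles": "administrator"}
]""")

def parse_version(text):
    """'3.9.0.0' -> (3, 9, 0, 0); short versions are zero-padded."""
    nums = []
    for piece in text.split(".")[:4]:
        m = re.match(r"\d+", piece)
        nums.append(int(m.group()) if m else 0)
    return tuple(nums + [0] * (4 - len(nums)))

def vulnerable_version(plugins):
    """Installed version if an affected WP-Automatic is present (any status), else None."""
    for p in plugins:
        if p["name"] == PLUGIN_SLUG and parse_version(p["version"]) < FIXED_VERSION:
            return p["version"]
    return None

def admins_to_review(users, known_admins):
    """Administrators registered on or after disclosure and not on the allow-list."""
    flagged = []
    for u in users:
        registered = datetime.strptime(u["user_registered"], "%Y-%m-%d %H:%M:%S")
        if registered >= DISCLOSED and u["user_login"] not in known_admins:
            flagged.append(u["user_login"])
    return flagged

def triage(plugins, users, known_admins):
    # Admin review runs even when the plugin is already patched: an account
    # created while the site was still exposed survives the update.
    return {"vulnerable_version": vulnerable_version(plugins),
            "admins_to_review": admins_to_review(users, known_admins)}

if __name__ == "__main__":
    print(triage(SAMPLE_PLUGINS, SAMPLE_USERS, known_admins={"admin", "jane"}))
```

A flagged account is a lead for review, not proof of compromise; an account registered before the disclosure date is not covered by this check.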