April 26, 2024 at 06:12AM
Threat actors are exploiting a critical-severity vulnerability (CVE-2024-27956, CVSS score 9.8) in WordPress Automatic plugin, allowing them to inject malicious code, gain admin privileges, create new accounts, and maintain access to compromised sites. Over 5 million exploit attempts have been seen. Users are advised to update to version 3.92.1 to address the issue.
Key Takeaways from the meeting notes:
1. Threat actors are exploiting a critical-severity vulnerability (CVE-2024-27956) in the WordPress Automatic plugin to inject malicious code into websites, enabling them to gain administrator privileges and potentially take over affected websites.
2. Attackers can bypass the authentication mechanism, create new administrator accounts, and maintain access to compromised sites by renaming the vulnerable plugin file, allowing them to upload malicious files and evade detection.
3. The vulnerability impacts WordPress Automatic versions up to 3.92.0 and has seen over 5 million exploit attempts since its public disclosure on March 13.
4. The issue was addressed in Automatic version 3.92.1, which also fixes critical-severity server-side request forgery (SSRF) and arbitrary file download flaw (CVE-2024-27954), and a high-severity cross-site request forgery (CSRF) bug (CVE-2024-27955), as reported by Defiant.
5. Successful exploitation of these vulnerabilities could allow attackers to modify information from internal services, access arbitrary files on the server, and escalate privileges.
6. WordPress Automatic users are strongly advised to update their installations promptly to mitigate the risks associated with these vulnerabilities.