Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites

May 8, 2024 at 04:28AM A high-severity vulnerability (CVE-2023-40000, CVSS score: 8.3) in the LiteSpeed Cache plugin for WordPress is being actively exploited by threat actors to create rogue admin accounts. The flaw, which allows for stored cross-site scripting, was disclosed in February 2024 and fixed in version 5.7.0.1. Users are urged to update and … Read more

Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors

April 26, 2024 at 06:12AM Threat actors are exploiting a critical-severity vulnerability (CVE-2024-27956, CVSS score 9.8) in WordPress Automatic plugin, allowing them to inject malicious code, gain admin privileges, create new accounts, and maintain access to compromised sites. Over 5 million exploit attempts have been seen. Users are advised to update to version 3.92.1 to … Read more

Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites

April 26, 2024 at 02:42AM Threat actors are actively exploiting a critical security flaw (CVE-2024-27956) in WP‑Automatic plugin for WordPress, posing high risk. Exploitation can lead to unauthorized access, admin account creation, file uploads, and site control. Over 5.5M attack attempts detected, alongside other plugin vulnerabilities (e.g., CVE-2024-2876, CVE-2024-28890, CVE-2024-2417, CVE-2024-32514). Stay updated for more … Read more

WP Automatic WordPress plugin hit by millions of SQL injection attacks

April 25, 2024 at 10:29AM Hackers are targeting WP Automatic plugin for WordPress, exploiting the CVE-2024-27956 vulnerability. The issue allows the creation of admin accounts and backdoors. Over 5.5 million attack attempts have been recorded, prompting the recommendation to update to version 3.92.1 and frequently backup websites to mitigate the risk. After reviewing the meeting … Read more