Hackers Exploit New Vulnerability in WP Automatic Plugin

Hackers have started to exploit a critical vulnerability in the WP Automatic plugin for WordPress. The bug is being used to create new users with administrator rights and inject backdoors.

Currently, WP Automatic is installed on more than 30,000 websites. The plugin allows administrators to automate the import of content (such as text, images, and videos) from various sources and publish it on their site using WordPress.

The vulnerability is tracked as CVE-2024-27956 and is rated 9.8 out of 10 on the CVSS scale. The issue was discovered and disclosed by PatchStack researchers in March 2024. They described it as a SQL injection flaw affecting WP Automatic up to and including version 3.92.0; the vulnerability is fixed in version 3.92.1 and later.

The flaw lies in the plugin's user-authentication check, which can be bypassed to submit attacker-supplied SQL queries to the site's database. With specially crafted queries, attackers create new administrator accounts on the target site.

According to WPScan, since PatchStack reported the issue there have been more than 5.5 million attempts to exploit the vulnerability, with the majority occurring on March 31, 2024.

WPScan reports that after gaining administrative access to a site, the attackers plant backdoors and obfuscate their code to make the compromise harder to detect. In addition, to stop other attackers from compromising the same site through the same hole, and to evade detection, they rename the vulnerable file csv.php (/wp-content/plugins/wp-automatic/inc/csv.php), for example to csv65f82ab408b3.php.

Once they have control of a site, attackers typically install additional plugins that allow them to upload files and edit code.

WPScan notes that administrators can look for signs of compromise by checking for administrator accounts whose login starts with "xtw" and for files named web.php and index.php, which are backdoors dropped during these attacks. Since index.php also exists legitimately throughout a WordPress install, the point is to look for unexpected copies (for example in upload directories) or for index.php files whose contents are not the usual placeholder.
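The checks described above can be scripted. The following is an added example written for this page; it is not code from WPScan, PatchStack or the plugin vendor. It walks a wp-content directory looking for a vulnerable WP Automatic version, a renamed or missing inc/csv.php, web.php files, and index.php files that carry typical dropper markers, and it flags administrator logins beginning with "xtw". Assumptions: the plugin's main file is named wp-automatic.php and carries a standard "Version:" header, the backdoor markers are a heuristic of my own, and the caller supplies the list of administrator logins (for example from `wp user list --role=administrator --field=user_login`). The sample site it scans is constructed inline for demonstration.

```python
import re
import tempfile
from pathlib import Path

FIXED_VERSION = (3, 92, 1)          # first patched release per the advisory
SUSPICIOUS_USER_PREFIX = "xtw"      # login prefix reported by WPScan
# Heuristic markers distinguishing a dropped PHP file from WordPress's own
# placeholder index.php ("Silence is golden."). This list is an assumption.
BACKDOOR_MARKERS = ("eval(", "base64_decode(", "$_REQUEST", "$_POST",
                    "move_uploaded_file(")


def parse_version(header_text):
    """Extract the plugin version from a WordPress plugin header, as a tuple."""
    m = re.search(r"^\s*\*?\s*Version:\s*([\d.]+)", header_text, re.M)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def scan_site(wp_content, admin_logins):
    """Return a list of indicators of compromise found under wp_content."""
    root = Path(wp_content)
    findings = []

    plugin_dir = root / "plugins" / "wp-automatic"
    if plugin_dir.is_dir():
        main_file = plugin_dir / "wp-automatic.php"   # assumed main file name
        if main_file.is_file():
            version = parse_version(main_file.read_text(errors="replace"))
            if version is not None and version < FIXED_VERSION:
                findings.append("vulnerable WP Automatic version "
                                f"{'.'.join(map(str, version))} (< 3.92.1)")
        inc = plugin_dir / "inc"
        if inc.is_dir():
            if not (inc / "csv.php").exists():
                findings.append("inc/csv.php is missing (possibly renamed by an attacker)")
            for p in inc.glob("csv*.php"):
                if p.name != "csv.php":
                    findings.append(f"renamed csv.php variant: {p.relative_to(root)}")

    # web.php is never a legitimate WordPress file; index.php is, so only
    # flag it when its body looks like a dropper rather than the placeholder.
    for p in root.rglob("*.php"):
        if p.name not in ("web.php", "index.php"):
            continue
        body = p.read_text(errors="replace")
        if p.name == "web.php" or any(marker in body for marker in BACKDOOR_MARKERS):
            findings.append(f"suspicious file: {p.relative_to(root)}")

    for login in admin_logins:
        if login.lower().startswith(SUSPICIOUS_USER_PREFIX):
            findings.append(f"suspicious administrator login: {login}")

    return findings


def build_demo_site():
    """Construct a throwaway wp-content tree resembling a compromised site."""
    root = Path(tempfile.mkdtemp(prefix="wpcontent_"))
    plugin = root / "plugins" / "wp-automatic" / "inc"
    plugin.mkdir(parents=True)
    (root / "plugins" / "wp-automatic" / "wp-automatic.php").write_text(
        "<?php\n/*\nPlugin Name: WP Automatic\nVersion: 3.92.0\n*/\n")
    # csv.php renamed to the form reported in the article; original is gone.
    (plugin / "csv65f82ab408b3.php").write_text("<?php /* renamed */\n")
    # Benign WordPress placeholder, must not be flagged.
    (root / "plugins" / "index.php").write_text("<?php\n// Silence is golden.\n")
    # Constructed dropper in the uploads directory.
    uploads = root / "uploads"
    uploads.mkdir()
    (uploads / "web.php").write_text("<?php @eval($_POST['cmd']);\n")
    return str(root)


if __name__ == "__main__":
    site = build_demo_site()
    for finding in scan_site(site, ["admin", "xtwexample"]):
        print(finding)
```

On a real site, run scan_site against the live wp-content directory and feed it the administrator logins exported with WP-CLI; treat the version check as the first thing to fix, and any of the other findings as grounds for a full incident response rather than a quick cleanup, since the attackers also install file-upload and code-editing plugins once they hold an administrator account.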
