Friday, April 26th, 2024

Threat Report – Actively exploited critical vulnerability found in WordPress Automatic Plugin – April 2024

Threat Reports are created by Smarttech247 for high and critical severity vulnerabilities that may have a high potential to be exploited in the wild, i.e. vulnerabilities present in products widely used by companies that either have no auto-update option or are usually not updated automatically because an update could cause service disruption. A report is usually created as soon as the vulnerability is released; we therefore strongly recommend that the information is reviewed, tests are performed and patches are applied before the first proof-of-concept is released.


Even though certain vulnerabilities may not have an active exploit in the wild at the time we report on them, we take into consideration the wider risk and the impact on systems should such an exploit become available later. Our duty is to report them on time. To keep critical business systems protected, we recommend that enterprises allow, on average, ten working days to check whether a new vulnerability affects them and, if so, to implement actions to remove the risk.


Overview

A security vulnerability in the WP Automatic WordPress plugin, identified as CVE-2024-27956, has exposed millions of websites to SQL injection attacks. The plugin, which automates content publishing on WordPress websites, is being targeted by hackers who are exploiting the flaw to inject malicious code and take control of affected sites. The vulnerability poses a significant risk to website owners using the WP Automatic plugin and highlights the importance of regularly updating plugins and maintaining strong security practices. Security experts have warned users to be vigilant and take immediate action to mitigate the impact of potential attacks.


RISK

Government:

  • Large and medium government entities: Critical
  • Small government entities: Critical

Businesses:

  • Large and medium business entities: Critical
  • Small business entities: Critical


For more information see the full report:
