all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites

Add to bookmarks
April 26, 2024, 5:49 a.m. | info@thehackernews.com (The Hacker News)

The Hacker News thehackernews.com

Threat actors are attempting to actively exploit a critical security flaw in the WP‑Automatic plugin for WordPress that could allow site takeovers.
The shortcoming, tracked as CVE-2024-27956, carries a CVSS score of 9.9 out of a maximum of 10. It impacts all versions of the plugin prior to 3.9.2.0.
"This vulnerability, a SQL injection (SQLi) flaw, poses a severe threat as

accounts admin automatic bug critical cve cve-2024 cvss cvss score exploit exploiting flaw hackers plugin score security security flaw takeovers threat threat actors wordpress wordpress sites

Visit resource

More from thehackernews.com / The Hacker News

Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution 10 hours ago | thehackernews.com
cisco code code execution critical +21
China-Linked Hackers Suspected in ArcaneDoor Cyberattacks Targeting Network Devices 10 hours ago | thehackernews.com
arcanedoor attack attack surface attack surface management +23
It Costs How Much?!? The Financial Pitfalls of Cyberattacks on SMBs 13 hours ago | thehackernews.com
business cyberattacks cybercriminals financial +8
Xiaomi Android Devices Hit by Multiple Flaws Across Apps and System Components 14 hours ago | thehackernews.com
access account android android devices +20
New 'Cuckoo' Persistent macOS Spyware Targeting Intel and Arm Macs 16 hours ago | thehackernews.com
act apple apple macos arm +19
Microsoft Outlook Flaw Exploited by Russia's APT28 to Hack Czech, German Entities 2 days, 15 hours ago | thehackernews.com
actor apt28 campaign cyber +24
Expert-Led Webinar - Uncovering Latest DDoS Tactics and Learn How to Fight Back 3 days, 11 hours ago | thehackernews.com
address attacks back business +22
Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications 3 days, 11 hours ago | thehackernews.com
abusing aim amp api +25
New Guide Explains How to Eliminate the Risk of Shadow SaaS and Protect Corporate Data 3 days, 13 hours ago | thehackernews.com
address applications business corporate +15

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

IT Security Engineer

@ Timocom GmbH | Erkrath, Germany
View on infosec-jobs.com

Consultant SOC / CERT H/F

@ Hifield | Sèvres, France
View on infosec-jobs.com

Privacy Engineer, Implementation Review

@ Meta | Menlo Park, CA | Seattle, WA
View on infosec-jobs.com

Cybersecurity Specialist (Security Engineering)

@ Triton AI Pte Ltd | Singapore, Singapore, Singapore
View on infosec-jobs.com

SOC Analyst

@ Rubrik | Palo Alto
View on infosec-jobs.com

Consultant Tech Advisory H/F

@ Hifield | Sèvres, France
View on infosec-jobs.com
View more jobs