WordPress, the widely used content management system, is under a severe security threat. Malicious actors are actively exploiting a critical vulnerability in the WordPress Automatic plugin, which could allow unauthorized parties to control your website completely, Webscan warns. 

The Vulnerability

• CVE-2024-27956: With a CVSS score of 9.8, this vulnerability is classified as an SQL injection (SQLi) flaw.
• Plugin Affected: The vulnerable plugin is WordPress Automatic, which boasts over 38,000 paying customers.
• Exploitation Mechanism: Attackers exploit the plugin’s handling of user authentication within a single file. By injecting malicious SQL code, they gain elevated system privileges.

It is interesting to know how the attack unfolds:

1. The attack is described as SQL Injection (SQLi); attackers craft specially constructed requests to execute unauthorized database queries. This vulnerability allows unauthenticated visitors to create admin-level user accounts within WordPress.
2. Armed with admin privileges, attackers upload malicious files (such as web shells or backdoors) to the compromised server.
3. To maintain control, the attacker may rename the vulnerable WP-Automatic file, ensuring exclusive exploitation rights.

For Patch and Remediation, the plugin developer, ValvePress, silently patched the issue in versions 3.92.1 and beyond. WPScan has recorded over 5.5 million attempts to exploit this vulnerability since its disclosure on March 13 by security firm Patchstack. The attempts surged, peaking on March 31, 2024. Additional Fixes are available, such as the release of version 3.92.1, which also addresses other critical issues: CVE-2024-27955: High-severity cross-site request forgery (CSRF) fault, and CVE-2024-27954: Critical-severity server-side request forgery (SSRF) and arbitrary file download vulnerability.

Users are advised to take immediate action. If you’re using WordPress Automatic, immediately update to version 3.92.1 or later. Regularly monitor your website for any signs of compromise. Implement additional security measures to safeguard against future threats.