Hackers are trying to hijack a major WordPress plugin that could enable site takeovers
A critical vulnerability recently discovered in a popular WordPress plugin is being actively exploited, researchers say, with hackers potentially able to use the flaw to completely take over a victim’s website.
WordPress security company Patchstack first discovered a SQL injection (SQLi) vulnerability in the WP-Automatic plugin in mid-March 2024.
WP-Automatic is a WordPress plugin designed to automate the process of importing and publishing content from various sources. It can pull content from RSS feeds, websites, YouTube channels and more, then automatically create and publish posts.
Five million attacks
According to a WPScan alert, cybercriminals can use the flaw to “gain unauthorized access to websites, create administrator-level user accounts, upload malicious files, and potentially take full control of affected sites.” Until now, the bug was used to create new websites. administrator accounts, which the hackers would later use for additional attacks (installing malicious add-ons, exfiltrating sensitive data, and more).
It was rated 9.9 (critical) and tracked as CVE-2024-27956. All versions up to and including 3.9.2.0 are said to be vulnerable. More than five million exploitation attempts have been recorded to date.
“Once a WordPress site is compromised, attackers ensure the longevity of their access by creating backdoors and obfuscating the code,” WPScan said. “To evade detection and maintain access, attackers can also rename the vulnerable WP-Automatic file, making it difficult for website owners or security tools to identify or block the problem.”
The hacker newsalso said that the file renaming component could also possibly be an attempt by hackers to prevent other hackers from taking over.
WordPress is by far the most popular platform for building websites today, serving almost half of the entire Internet. Still, it is considered relatively safe, with themes and plugins being the weakest link. WordPress site users are advised to only install themes and add-ons that they plan to use, and keep them up to date at all times.