Threat actors are attempting to actively exploit a critical security flaw in the WP‑Automatic plugin for WordPress that could allow site takeovers.
The shortcoming, tracked as CVE-2024-27956, carries a CVSS score of 9.9 out of a maximum of 10. It impacts all versions of the plugin prior to 3.9.2.0.
“This vulnerability, a SQL injection (SQLi) flaw, poses a severe threat as
Source link
Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites
Related Posts
FTC report exposes massive data collection by social media brands – how to protect yourself
Matt Cardy/Getty ImagesA US Federal Trade Commission (FTC) report published today follows the commission’s four-year investigation into how nine social media companies and streaming services collect and use consumer data. As it…
Wherever There’s Ransomware, There’s Service Account Compromise. Are You Protected?
Until just a couple of years ago, only a handful of IAM pros knew what service accounts are. In the last years, these silent Non-Human-Identities (NHI) accounts have become one…