Priya PatelTLDR:
- Hackers are actively exploiting a vulnerability in the WP Automatic Updates plugin, allowing them to bypass authentication and compromise websites.
- The flaw allows for SQL injection attacks, creating admin accounts, uploading malicious files, and potentially taking over the entire site.
Recent discoveries by cybersecurity researchers at WPScan have revealed that hackers are taking advantage of a critical vulnerability in the WP Automatic updates plugin, known as “CVE-2024-27956.” This flaw, affecting versions prior to 3.9.2.0, has a high severity rating of 9.8 on the CVSS scale, making it a significant threat to websites using the plugin.
The vulnerability allows threat actors to bypass authentication measures and execute SQL injection attacks, enabling them to create new admin accounts, upload malicious files, and potentially take complete control of affected websites. Despite the patch being released on 13 March by PatchStack, over 5.5 million attack attempts were recorded, reaching a peak on 31 March.
Attackers exploit the SQL injection vulnerability to inject malicious queries, create admin accounts, upload web shells and backdoors, and maintain persistence on compromised sites. Mitigations recommended by cybersecurity analysts include keeping the plugin updated, auditing user accounts regularly, employing security monitoring tools, and maintaining up-to-date backups to ensure rapid restoration in case of compromise.
Overall, website owners are advised to take immediate action to secure their sites against this active exploitation of the WP Automatic Updates plugin vulnerability to avoid potential data breaches and system compromises.
