  • Anup Ghosh

WordPress Plugin Vulnerability Poses Significant Threat to Websites



The Download

WordPress Automatic (WP Automatic), a plug-in installed on over 30,000 websites, is vulnerable to an attack that can result in the compromise of the website. The vulnerability, tracked as CVE-2024-27956, has a severity of 9.9/10, which is no laughing matter. It is a SQL injection flaw that allows an attacker to assume administrative control over the web server.


A service called WPScan that monitors WordPress sites has already observed over 5.5 million attempted exploits of the vulnerability. Once the website is compromised, the attackers set up backdoors on the server to give them persistent, hidden access to the site. The risks to organizations are that a compromised website can be used to attack other sites, which can result in blacklisting of your domain; can host malware that compromises the website's visitors; and can be defaced for political purposes and brand damage.


What You Can Do

WordPress is commonly used on many websites. WP Automatic is a plug-in that makes it easy to upload content such as video. It is not surprising that there is a large footprint of this vulnerability on websites. Pen testing your website is highly recommended to discover this WordPress vulnerability. Sign up today to get your website pen tested.





To Learn More:

