{"id":4734,"date":"2024-04-27T10:43:50","date_gmt":"2024-04-27T17:43:50","guid":{"rendered":"https:\/\/www.ultimatewb.com\/blog\/?p=4734"},"modified":"2024-04-27T10:43:51","modified_gmt":"2024-04-27T17:43:51","slug":"popular-wordpress-plugin-targeted-by-hackers-millions-of-sites-at-risk","status":"publish","type":"post","link":"https:\/\/www.ultimatewb.com\/blog\/4734\/popular-wordpress-plugin-targeted-by-hackers-millions-of-sites-at-risk\/","title":{"rendered":"Popular WordPress Plugin Targeted by Hackers: Millions of Sites at Risk"},"content":{"rendered":"\n
\"\"<\/a><\/figure>\n\n\n\n

WordPress website owners beware! Security researchers have uncovered a critical vulnerability in a widely used plugin that could allow hackers to completely take over websites.<\/p>\n\n\n\n

The targeted plugin, WP-Automatic, is designed to automate content import and publishing from various sources. According to Patchstack, a WordPress security firm, the vulnerability is a type of SQL injection (SQLi) flaw. SQLi attacks exploit weaknesses in how a website interacts with its database, potentially allowing unauthorized access and control.<\/p>\n\n\n\n

The severity of the situation is underscored by the number of potentially affected websites. Reports indicate that WP-Automatic boasts over five million active installations.<\/p>\n\n\n\n

“Hackers could leverage this flaw to gain unauthorized access to websites, create admin accounts, upload malicious files, and essentially take full control of the affected sites,” warns the WPScan alert.<\/p>\n\n\n\n

Researchers have traced the vulnerability back to mid-March 2024. WPScan assigned the flaw a critical rating of 9.9 and assigned it the identifier CVE-2024-27956.<\/p>\n\n\n\n

There are also reports of the vulnerability being actively exploited in the wild, with over five million attempted attacks documented so far.<\/p>\n\n\n\n

What You Can Do:<\/strong><\/h2>\n\n\n\n

If you use the WP-Automatic plugin on your WordPress website, here’s how to protect yourself:<\/p>\n\n\n\n