Active Targeting of WP-Automatic Plugin Flaw Raises Concerns for Site Takeover

Threat Level – Red | Vulnerability Report
Download PDF

The critical SQL Injection vulnerability (CVE-2024-27956) in the WP-Automatic plugin for WordPress poses a serious risk. Attackers could exploit this flaw to gain unauthorized access to websites, create admin accounts, upload malicious files, and potentially take complete control. Since the disclosure of the flaw, there have been over 5.5 million exploitation attempts detected.

Threat Level – Red | Vulnerability Report

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox