1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Hackers attempt to hijack a major WordPress plugin that could all

    From TechnologyDaily@1337:1/100 to All on Fri Apr 26 17:15:06 2024
    Hackers attempt to hijack a major WordPress plugin that could allow for site takeovers

    Date:
    Fri, 26 Apr 2024 17:08:06 +0000

    Description:
    WP-Automatic was found to be vulnerable to a critical flaw that can be used
    to take over sites and steal data.

    FULL STORY ======================================================================

    A critical vulnerability recently discovered in a popular WordPress plugin,
    is being actively abused in the wild, researchers have said, with hackers potentially able to use the flaw to fully take over a victim's website.

    WordPress security firm Patchstack first discovered an SQL injection (SQLi) vulnerability in the WPAutomatic plugin, in mid-March 2024.

    WP-Automatic is a WordPress plugin designed to automate the process of importing and publishing content from various sources. It can grab content from RSS feeds, websites, YouTube channels, and more, and then automatically create and publish posts. Five million attacks

    According to a WPScan alert, cybercriminals can use the flaw to gain unauthorized access to websites, create adminlevel user accounts, upload malicious files, and potentially take full control of affected sites." So
    far, the flaw was used to create new administrator accounts, which the
    hackers would later use for additional attacks (installing malicious add ons, exfiltrating sensitive data, and more).

    It was given a rating of 9.9 (critical), and tracked as CVE-2024-27956. All versions up to 3.9.2.0 are said to be vulnerable. So far, more than five million exploitations attempts were recorded.

    "Once a WordPress site is compromised, attackers ensure the longevity of
    their access by creating backdoors and obfuscating the code," WPScan said.
    "To evade detection and maintain access, attackers may also rename the vulnerable WPAutomatic file, making it difficult for website owners or security tools to identify or block the issue."

    The Hacker News , also said that the file renaming part might also be an attempt by hackers to prevent other hackers from taking over.

    WordPress is by far the most popular website builder platform around today, powering almost half of the entire Internet. Still, it is considered relatively safe, with themes and plugins being the weakest link. WordPress site users are advised to only install themes and addons they plan on using, and to keep them updated at all times. More from TechRadar Pro Another top WordPress plugin has a serious security flaw patch now to keep your website safe Here's a list of the best firewalls around today These are the best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/hackers-attempt-to-hijack-a-major-wordp ress-plugin-that-could-allow-for-site-takeovers


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)