Vulnerable WordPress plugin bombarded with millions of attacks

  • April 26, 2024

The WordPress plugin WP Automatic has been a popular target for hackers for several months. A vulnerability in the plugin provides attackers with a backdoor that cannot be easily closed.

The vulnerability in WP Automatic was discovered on March 13th. Since then, the number of attacks attempting to exploit the vulnerability has increased rapidly. WPScan, a security tool for WordPress plugins, estimates the number at more than 5.5 million, with the peak occurring on March 31.

9.9 out of ten

What exactly is going on? WP Automatic is a plugin for automating content import and publishing. CVE-2024-27956, as the vulnerability was named, allows hackers to create an account with administrative privileges and import files containing malicious code.

Once attackers get into your WordPress environment through the backdoor, getting them out again is not easy. The vulnerability therefore receives the near-maximum CVSS score of 9.9 out of ten.

Actively exploited

More than 30,000 websites worldwide are said to use the WP Automatic plugin. It's unclear exactly how many websites have already been compromised, but the vulnerability is being actively exploited.

There are signs that your website is affected: administrator accounts starting with xtw, or files named web.php and index.php, should set alarm bells ringing. Updating WP Automatic to 3.92.1 or later will fix the gaps.

Security holes in WordPress plugins are not uncommon. Due to the high number of websites based on WordPress, such vulnerabilities can affect thousands of websites in one fell swoop. Plugins, like your website, require regular maintenance: outdated plugins can be very harmful. Regularly backing up your website is always worthwhile: if something goes wrong, you can quickly restore a current version of your website.

Source: IT Daily
