Hackers attack popular WordPress plugin: millions of attack attempts
Researchers from the WordPress security firm Patchstack have discovered a critical vulnerability in the popular WP-Automatic plugin that allows hackers to perform SQL injections. This flaw can lead to unauthorized access and full control over websites using this plugin. WP-Automatic, which is used to automate the import and publication of content from various sources, is widely popular among WordPress users. Vulnerable versions of the plugin prior to 3.9.2.0 have already been the target of more than five million exploitation attempts.
Hackers exploit this vulnerability to create new administrative accounts on websites, install malware, and steal confidential information. There is a risk that attackers can create backdoors and obfuscate code, making it difficult for website owners or security tools to detect the problem.
It is also reported that hackers can rename vulnerable plugin files, which makes it difficult to detect and fix vulnerabilities. To protect their websites, users are advised to install updates and use only those themes and plugins that are necessary for their activities.