2024-04-26 05:49:00 UTC

Threat actors are currently targeting WordPress sites by exploiting a critical security flaw in the WP-Automatic plugin. This vulnerability, known as CVE-2024-27956, has a high CVSS score of 9.9 and could potentially lead to site takeovers. All versions of the plugin before 3.9.2.0 are affected by this SQL injection (SQLi) flaw.