Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection.This issue affects Automatic: from n/a through 3.92.0.
https://thehackernews.com/2024/04/hackers-exploiting-wp-automatic-plugin.html?&web_view=true
https://wpscan.com/blog/new-malware-campaign-targets-wp-automatic-plugin/