CVE-2024-27956

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection.This issue affects Automatic: from n/a through 3.92.0.

References

https://nahid0x1.medium.com/cve-2024-27956-sql-injection-vulnerability-in-valvepress-automatic-wp-automatic-2222e696f1df?source=rss------vulnerability-5

https://nahid0x1.medium.com/cve-2024-27956-sql-injection-vulnerability-in-valvepress-automatic-wp-automatic-2222e696f1df?source=rss------exploit-5

https://nahid0x1.medium.com/cve-2024-27956-sql-injection-vulnerability-in-valvepress-automatic-wp-automatic-2222e696f1df?source=rss------cve-5

https://securityboulevard.com/2024/05/tracking-cve-2024-2876-why-does-the-latest-wordpress-exploit-compromise-over-90000-websites/?web_view=true

https://www.hivepro.com/threat-advisory/active-targeting-of-wp-automatic-plugin-flaw-raises-concerns-for-site-takeover/

https://arstechnica.com/security/2024/04/hackers-make-millions-of-attempts-to-exploit-wordpress-plugin-vulnerability/

https://thehackernews.com/2024/04/hackers-exploiting-wp-automatic-plugin.html?&web_view=true

https://www.bleepingcomputer.com/news/security/wp-automatic-wordpress-plugin-hit-by-millions-of-sql-injection-attacks/

https://wpscan.com/blog/new-malware-campaign-targets-wp-automatic-plugin/

https://patchstack.com/database/vulnerability/wp-automatic/wordpress-automatic-plugin-3-92-0-unauthenticated-arbitrary-sql-execution-vulnerability?_s_id=cve

https://patchstack.com/database/vulnerability/wp-automatic/wordpress-automatic-plugin-3-92-0-unauthenticated-arbitrary-sql-execution-vulnerability?_s_id=cve

https://patchstack.com/articles/critical-vulnerabilities-patched-in-wordpress-automatic-plugin?_s_id=cve

https://patchstack.com/articles/critical-vulnerabilities-patched-in-wordpress-automatic-plugin?_s_id=cve

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3