Bengal Web Hosting
Business Hosting Specialist Since 2008 Our mission is to make life easier for website developers and
Hello, we are Bengalwebhosting. We have been providing cloud hosting since 2008, and our vision and passion have always been to build a hosting company that provides excellent support with 24x7x365 live chat, so our customers can be rescued by one of our support heroes whenever they need help.
Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites
Threat actors are attempting to actively exploit a critical security flaw in the WP-Automatic plugin for WordPress that could allow site takeovers.
The shortcoming, tracked as CVE-2024-27956, carries a CVSS score of 9.9 out of a maximum of 10. It impacts all versions of the plugin prior to 3.9.2.0.
"This vulnerability, a SQL injection (SQLi) flaw, poses a severe threat as attackers can exploit it to gain unauthorized access to websites, create admin‑level user accounts, upload malicious files, and potentially take full control of affected sites," WPScan said in an alert this week.
According to the Automattic-owned company, the issue is rooted in the plugin's user authentication mechanism, which can be trivially circumvented to execute arbitrary SQL queries against the database by means of specially crafted requests.
In the attacks observed so far, CVE-2024-27956 is being used to run unauthorized database queries and create new admin accounts on susceptible WordPress sites (e.g., names starting with "xtw"), which could then be leveraged for follow-on post-exploitation actions.
This includes installing plugins that make it possible to upload files or edit code, indicating attempts to repurpose the infected sites as stagers.
"Once a WordPress site is compromised, attackers ensure the longevity of their access by creating backdoors and obfuscating the code," WPScan said. "To evade detection and maintain access, attackers may also rename the vulnerable WP‑Automatic file, making it difficult for website owners or security tools to identify or block the issue."
The file in question is "/wp-content/plugins/wp-automatic/inc/csv.php," which is renamed to something like "wp-content/plugins/wp-automatic/inc/csv65f82ab408b3.php."
That said, it's possible that the threat actors are doing so in an attempt to prevent other attackers from exploiting the sites already under their control.
CVE-2024-27956 was publicly disclosed by WordPress security firm Patchstack on March 13, 2024. Since then, more than 5.5 million attack attempts to weaponize the flaw have been detected in the wild.
The disclosure comes as severe bugs have been disclosed in plugins like Email Subscribers by Icegram Express (CVE-2024-2876, CVSS score: 9.8), Forminator (CVE-2024-28890, CVSS score: 9.8), and User Registration (CVE-2024-2417, CVSS score: 8.8) that could be used to extract sensitive data like password hashes from the database, upload arbitrary files, and grant an authenticated user admin privileges.
Patchstack has also warned of an unpatched issue in the Poll Maker plugin (CVE-2024-32514, CVSS score: 9.9) that allows for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server, leading to remote code execution.
Bengal Web Hosting. For more information, please follow https://bengalwebhosting.in/2024/04/26/hackers-exploiting-wp-automatic-plugin-bug-to-create-admin-accounts-on-wordpress-sites/
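A triage check for the three indicators the article above names (plugin version prior to 3.9.2.0, a renamed csv.php in the plugin's inc/ directory, admin logins starting with "xtw"). This is an added example, not code from WPScan, Patchstack or the plugin; the function names, the assumption that the renamed file keeps a "csv" stem plus an alphanumeric suffix, and the sample inputs are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

FIXED_VERSION = (3, 9, 2, 0)   # article: all versions prior to 3.9.2.0 are affected
ADMIN_PREFIX = "xtw"           # article: rogue admin names observed starting with "xtw"
# Assumption: renamed copies look like the article's csv65f82ab408b3.php example.
RENAMED_CSV = re.compile(r"^csv[0-9a-z]+\.php$", re.IGNORECASE)

def parse_version(text):
    """Turn '3.9.1' into (3, 9, 1, 0) so versions compare numerically."""
    parts = [int(p) for p in re.findall(r"\d+", text)][:4]
    return tuple(parts + [0] * (4 - len(parts)))

def is_affected(version_text):
    return parse_version(version_text) < FIXED_VERSION

def renamed_csv_files(plugin_dir):
    """List files in <plugin_dir>/inc that look like a renamed csv.php."""
    inc = Path(plugin_dir) / "inc"
    if not inc.is_dir():
        return []
    return sorted(p.name for p in inc.iterdir()
                  if p.is_file() and RENAMED_CSV.match(p.name))

def suspicious_admins(admin_logins):
    return [u for u in admin_logins if u.lower().startswith(ADMIN_PREFIX)]

def triage(plugin_dir, version_text, admin_logins):
    """Return one human-readable finding per indicator that is present."""
    findings = []
    if is_affected(version_text):
        findings.append(f"plugin version {version_text} is older than 3.9.2.0")
    renamed = renamed_csv_files(plugin_dir)
    if renamed:
        findings.append("possible renamed csv.php in inc/: " + ", ".join(renamed))
    rogue = suspicious_admins(admin_logins)
    if rogue:
        findings.append("admin logins with 'xtw' prefix: " + ", ".join(rogue))
    return findings

if __name__ == "__main__":
    # Constructed sample: a fake plugin directory and admin list, not real data.
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "inc").mkdir()
        (Path(d) / "inc" / "csv65f82ab408b3.php").write_text("<?php // placeholder")
        for line in triage(d, "3.9.1.0", ["admin", "xtwexample01"]):
            print("FINDING:", line)
```

Any finding is a reason to review the administrator list and installed plugins by hand; an empty result only means these three specific indicators were not seen.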
Happy New Year
We're excited to bring you a fantastic offer that's too good to pass up! From today until November 30, 2023, you can register .SHOP domains for an incredibly low price of just ₹89 + GST.
Contact 099033 26183
.IN Domain: Unlock the Power of INdependence
On this global stage, let your digital presence soar as you join the race with a powerful statement. Enter the Indian Market with unbeatable offers on .IN domains, now priced at just ₹249 + GST. This opportunity awaits you until August 31, 2023 - a chance to elevate your clients' online footprint while embracing the spirit of progress and freedom. Visit https://bengalwebhosting.in/
Find an ideal domain name for your clients' business in the Indian market with .IN domain, available at the offer price of ₹229 and 3rd level .IN at ₹165 starting from 24-29 November, 2022. Let your clients reach a wider audience and grow online as a domestic brand.
www.bengalwebhosting.in
24/7 Customer Care +91-9903326183
Support +91-9073533686
Best price of ₹175 till October 19, 2022
www.bengalwebhosting.in
Yes...That's how every is...😇 Their influence is not just on the test scores, but extends to our bright life and future. 🙂 🎯 inspire, enlighten and guide us to climb the ladder of success.✨
Wishing a very to all the wonderful teachers out there! 🙂
Bengal Web Hosting
www.bengalwebhosting.in
Contact +91 99033 26183
Call Support at +91-9073533686
A proud start for the nation! has started off on a big note. May the winning streak continue in the ! Congratulations and best wishes to the once again
Independence Day Offer 2022
Contact @
24/7 Customer Care +91-9903326183
Eid Mubarak everyone !!
Have a safe and blessed Eid 🌙
Address
C/O SATYENDRA NATH SADHUKHAN HOUSENO 110 VILLAGE NATAPALI GANGSARA MAJHERGRAM CHAKDAH Nadia WB IN
Kalyani
741238