![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjvCffAfbsKsAnihZQH0q6CL3K-y2vFGHf-XHrltCyscHHKoe-nN1DD_y5JnC_nNzOH310coc6A5qc6dO4T0dJNmHMOJNyKv82b6jg5RWcsSkJxH0nbxLJE1-0oeFb1_AHQy1_44jIdODln4bUxDHBjY6GpttY7hU35WtCZiQeMY4xehIRGHMj_q3czx_h/s1600/wp.png)
Threat actors are attempting to actively exploit a critical security flaw in the WP‑Automatic plugin for WordPress that could allow site takeovers.
The shortcoming, tracked as CVE-2024-27956, carries a CVSS score of 9.9 out of a maximum of 10. It impacts all versions of the plugin prior to 3.9.2.0.
“This vulnerability, a SQL injection (SQLi) flaw, poses a severe threat as
Source:: The Hackers News