Hackers are using a critical vulnerability in the WP Automatic, a plugin used by more than 30,000 websites in WordPress. The vulnerability is being exploited to create user accounts with administrative privileges and plant backdoors in the websites for long-term access.
The critical vulnerability was first disclosed by researchers and impacts WP Automatic versions before 3.9.2.0. The vulnerability exists in the plugin’s user authentication mechanism, allowing threat actors to bypass security, , a report from Bleeping Computer said.
Hackers can then use specially crafted queries to create administrator accounts on the target website compromising its security, as well as the security of visitors.
Since the vulnerability was identified, researchers have observed more than 5.5million attacks trying to leverage the vulnerability. Hackers have also been found to change the name of vulnerable files to ensure others cannot use the vulnerability to gain administrative privileges.
(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)
Hackers have also been found to install additional plugins on the compromised website allowing them to upload files and edit existing codes.
Website administrators can check for signs that hackers took over their websites by looking for the presence of an admin account starting with “xtw” and files named web.php and index.php, which are used as backdoors by hackers.
Website administrators are also advised to update the WP Automatic plugin to its version to avoid the vulnerability from being exploited. Additionally, administrators should also create backups of their site so they can install clean copies quickly in case of a compromise.
