WordPress Automatic plugin critical vulnerability (#680)
* Cisco Expressway Advisory

* Format markdown files

* Update 20240208003-Cisco-Expressway-Series-Cross_Site-Request-Forgery.md

changing of links

* Format markdown files

* Adobe Releases Security Updates

* Format markdown files

* Adobe Releases Security Updates

* Format markdown files

* Bricks WordPress Advisory

* Format markdown files

* Bricks WordPress

* Zyxel security advisory

* Format markdown files

* Linux Kernel Code Execution Vulnerability

* Format markdown files

* released a security advisory

* Format markdown files

* Update and rename 20240308004-Android-security-advisory.md to 20240308004-Android-security-advisory.md

Changed from 007 to 008

* Android security advisory 20240308004

* Format markdown files

* Fortinet Critical SQLi Vulnerability in FortiClientEMS

* Format markdown files

* Update 20240318003-Fortinet-Critical-SQLi-Vulnerability-in-FortiClientEMS-Software.md

Minor grammar fix and observability

* Format markdown files

* Firefox Patches Critical Zero-Day Vulnerabilities

* Format markdown files

* Firefox Patches Critical Zero-Day Vulnerabilities - 20240327003

* Format markdown files

* Update 20240327003-Firefox-Patches-Critical-Zero-Day-Vulnerabilities.md

add cvss column and minor fix to table

* Delete docs/advisories/20240326002-Firefox-Patches-Critical-Zero-Day-Vulnerabilities.md

no longer needed

* Format markdown files

* Supply Chain Compromise Affecting XZ Utils Data Compression Library - 20240402002

* Format markdown files

* Cisco Vulnerability in Small Business Routers

* Format markdown files

* Updated overview to include all Router series.

* Bitdefender Advisory

* Format markdown files

* TP-Link Archer Routers Advisory

* Format markdown docs

* Update 20240418003-Botnets-Swarm-Exploited-in-TP-Link-Archer-Routers.md

Fixing table

* HashiCorp security advisory

* Format markdown docs

* Progress Software Telerik Reporting Vulnerability

* Format markdown docs

* WordPress Automatic plugin critical vulnerability

* Format markdown docs

---------

Co-authored-by: GitHub Actions <[email protected]>
Co-authored-by: Joshua Hitchen (DGov) <[email protected]>
Co-authored-by: CharlesRN <[email protected]>
4 people authored Apr 29, 2024
1 parent b09661f commit 479753e
Showing 1 changed file with 25 additions and 0 deletions.
@@ -0,0 +1,25 @@
# WordPress Automatic plugin vulnerability - 20240429002

## Overview

The Automatic plugin for WordPress is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. An attacker can leverage this vulnerability to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

## What is vulnerable?

| Product Affected | CVE | Severity | CVSS |
| ------------------------------------------------------------ | ----------------------------------------------------------------- | ------------ | ---- |
| WordPress Automatic plugin <br> All versions prior to 3.92.0 | [CVE-2024-27956](https://nvd.nist.gov/vuln/detail/CVE-2024-27956) | **Critical** | 9.9 |

## What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

## Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month...* (refer [Patch Management](../guidelines/patch-management.md)):

## Additional References

- [NVD - CVE-2024-27956 (nist.gov)](https://nvd.nist.gov/vuln/detail/CVE-2024-27956 "https://nvd.nist.gov/vuln/detail/CVE-2024-27956")
- [CVE-2024-27956 | Tenable®](https://www.tenable.com/cve/CVE-2024-27956 "https://www.tenable.com/cve/CVE-2024-27956")
- [Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites (thehackernews.com)](https://thehackernews.com/2024/04/hackers-exploiting-wp-automatic-plugin.html "https://thehackernews.com/2024/04/hackers-exploiting-wp-automatic-plugin.html")
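Review bot: the Overview paragraph understates the impact relative to the rest of the advisory: it describes the SQL injection only as a way to "extract sensitive information from the database", while the table rates the issue Critical / CVSS 9.9 and the Hacker News entry under Additional References is titled "Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites". Suggest adding one sentence to the Overview stating that the flaw is being actively exploited and that observed attacks use it to create administrator accounts, and repeating that in-the-wild context under "What has been observed?" so the statement "no evidence of exploitation affecting Western Australian Government networks" is not read as meaning the bug is unexploited. Separately, the Recommendation sentence ends with a colon (`...(refer [Patch Management](../guidelines/patch-management.md)):`) but nothing follows it; either drop the colon or add the concrete action the colon promises, e.g. `- Update the WordPress Automatic plugin to version 3.92.0 or later.`, which matches the "All versions prior to 3.92.0" entry in the table. In that same sentence, "all affected devices" reads oddly for a WordPress plugin ("all affected WordPress installations" is more accurate), and the italic "*one month...*" with trailing ellipsis looks like a template placeholder that was never filled in.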
