Mia Davis
April 29, 2024

Threat Report 29.04.24

WP Automatic WordPress plugin bombarded by SQL injections

Threat actors have been exploiting a critical vulnerability in the WP Automatic WordPress plugin, which is used by over 30,000 websites. The WP Automatic plugin allows website administrators to automatically import online content such as text and images and publish it to their site.

The vulnerability, tracked as CVE-2024-27956, has a CVSS score of 9.9. It allows user authentication to be bypassed, letting an attacker submit SQL queries to the site’s database. This can be abused to create administrator accounts on the targeted website.

To mitigate this issue, it is recommended to update to version 3.92.1 or later of the WP Automatic plugin. There have been over 5.5 million attacks attempting to exploit the vulnerability so far, so updating is critical.

Patch released for maximum severity vulnerability in Progress Flowmon

Progress Software has released a patch fixing a maximum severity vulnerability in its product, Progress Flowmon. Progress Flowmon is a tool that includes performance tracking, diagnostics, and network detection and response features, and is used by over 1,500 companies worldwide, such as SEGA, KIA, TDK, Volkswagen, Orange, and Tietoevry.

The vulnerability, tracked as CVE-2024-2389, has a maximum score of 10. Using a specially crafted API request, an attacker can gain remote, unauthenticated access to the Flowmon web interface, leading to the execution of arbitrary system commands.

To mitigate this issue, it is recommended to update to version 12.3.5 or 11.1.14, or later. Since a proof-of-concept is available online, it is critical to update as soon as possible to prevent threat actors from abusing the flaw.

Cisco zero-day vulnerability exploited to gain access to government networks

Cisco has released a warning that state-backed threat actors are actively exploiting two zero-day vulnerabilities in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls to breach government networks.

The threat actors, identified as UAT4356 by Cisco Talos and STORM-1849 by Microsoft, have been exploiting the vulnerabilities to gain persistent access to affected devices and spread malware. The cyber-espionage campaign is being tracked as ArcaneDoor.

Cisco has released patches addressing the two vulnerabilities and strongly advises upgrading affected systems to the latest versions to avoid any potential incidents.
