Critical Vulnerabilities Patched in WordPress Automatic Plugin
Published 19 March 2024
Automatic: Unauthenticated Arbitrary SQL Execution
Automatic: Unauthenticated Arbitrary File Download and SSRF
This blog post covers the vulnerabilities found in the Automatic plugin. If you use Automatic, update the plugin to version 3.92.1 or later.
All paid Patchstack users are protected from these vulnerabilities. Sign up for the free Community account first to scan for vulnerabilities, then apply protection for only $5 / site per month with Patchstack.
For plugin developers, we offer security audit services, and for hosting companies an Enterprise API.
About the Automatic Plugin
The Automatic plugin (premium version), estimated to have over 40,000 active installations, is one of the most popular automatic content posting plugins for WordPress. It is developed by ValvePress.
Among its features, the plugin can automatically create WordPress posts from content on almost any website. It can import from popular sites such as YouTube and Twitter through their APIs, or from almost any website the site owner chooses using its scraping modules. The plugin can now also generate content using OpenAI GPT.
The security vulnerability
This plugin suffers from multiple critical vulnerabilities that allow any unauthenticated user to read local files and execute arbitrary SQL queries on the WordPress site.
The first vulnerability is Unauthenticated Arbitrary SQL Execution: any unauthenticated user can fully control an SQL query that is then executed against the WordPress site's database. The second vulnerability is Unauthenticated Arbitrary File Download and SSRF: any unauthenticated user can read arbitrary local files and perform a Server-Side Request Forgery (SSRF) attack from the WordPress server. Both vulnerabilities were fixed in version 3.92.1 and were assigned CVE-2024-27956 and CVE-2024-27954 respectively.
Unauthenticated Arbitrary SQL Execution
The underlying vulnerability exists in the inc/csv.php file:
Source: patchstack.com