Hackers target critical vulnerability in WordPress plugin to compromise websites: Report

Hackers are using a critical vulnerability in the WP Automatic, a plugin used by more than 30,000 websites in WordPress. The vulnerability exists in the plugin’s user authentication mechanism, allowing threat actors to bypass security,, a report from Bleeping Computer said. Hackers can then use specially crafted queries to create administrator accounts on the target website compromising its security, as well as the security of visitors. Hackers have also been found to change the name of vulnerable files to ensure others cannot use the vulnerability to gain administrative privileges.