CVE-2024-27956

9.9 CRITICAL

📋 TL;DR

This CVE describes an unauthenticated SQL injection vulnerability in the WordPress Automatic plugin (ValvePress Automatic). Attackers can execute arbitrary SQL commands against the site's database without authenticating, potentially compromising the database. All WordPress sites running Automatic plugin versions up to and including 3.92.0 are affected.

💻 Affected Systems

Products:
  • WordPress Automatic Plugin (ValvePress Automatic)
Versions: n/a through 3.92.0
Operating Systems: All platforms running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all WordPress installations with the vulnerable plugin version installed and activated.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data theft, privilege escalation, remote code execution via database functions, and full site takeover.

🟠

Likely Case

Database information disclosure, data manipulation, and potential administrative access to the WordPress site.

🟢

If Mitigated

Limited impact with proper input validation, parameterized queries, and database user privilege restrictions.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection vulnerabilities are commonly weaponized, and unauthenticated access makes exploitation trivial for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.92.1 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/wp-automatic/wordpress-automatic-plugin-3-92-0-unauthenticated-arbitrary-sql-execution-vulnerability

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the 'Automatic' plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 3.92.1+ from the WordPress repository and update manually.

🔧 Temporary Workarounds

Disable Automatic Plugin

all

Temporarily deactivate the vulnerable plugin until patched.

wp plugin deactivate wp-automatic

Web Application Firewall (WAF) Rules

all

Implement WAF rules to block SQL injection patterns targeting the plugin.

🧯 If You Can't Patch

  • Immediately disable or remove the Automatic plugin from production systems.
  • Implement network segmentation to isolate affected WordPress instances from critical assets.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins for 'Automatic' plugin version. If version is 3.92.0 or earlier, you are vulnerable.

Check Version:

wp plugin get wp-automatic --field=version

Verify Fix Applied:

Verify plugin version is 3.92.1 or later in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in WordPress or database logs
  • Multiple failed login attempts or unusual admin activity following SQL errors

Network Indicators:

  • HTTP requests containing SQL syntax to WordPress endpoints
  • Unexpected database connections from web server

SIEM Query:

source="wordpress.log" AND ("wp-automatic" OR "automatic") AND ("sql" OR "database" OR "union" OR "select")
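As an added illustration of the network indicator above (not part of the original advisory), the following Python script scans web server access log lines for requests to the plugin's path that carry SQL syntax, decoding URL encoding first so obfuscated probes are not missed. It assumes the plugin lives under /wp-content/plugins/wp-automatic/ (derived from the wp-automatic slug used in the wp-cli commands) and a combined log format; the sample log lines and the endpoint name in them are constructed.

```python
import re
from urllib.parse import unquote_plus

# Assumption: plugin directory follows the "wp-automatic" slug; adjust if needed.
PLUGIN_PATH = "/wp-content/plugins/wp-automatic/"

# SQL keywords from the advisory's SIEM query plus common injection tokens.
SQL_PATTERN = re.compile(
    r"(\bunion\b|\bselect\b|\bsleep\s*\(|\bbenchmark\s*\(|information_schema"
    r"|--|/\*|\bor\b\s+\d+\s*=\s*\d+)",
    re.IGNORECASE,
)

# Combined log format: client ip, timestamp, "METHOD path HTTP/x", status
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def decode_fully(s, rounds=3):
    """Undo repeated URL encoding (e.g. %2527 -> %27 -> ') before matching."""
    for _ in range(rounds):
        decoded = unquote_plus(s)
        if decoded == s:
            break
        s = decoded
    return s


def find_suspicious(lines):
    """Return requests that hit the plugin path and contain SQL syntax."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        path = decode_fully(m.group("path"))
        if PLUGIN_PATH in path.lower() and SQL_PATTERN.search(path):
            hits.append({"ip": m.group("ip"), "path": path, "status": m.group("status")})
    return hits


# Constructed sample lines (not real traffic): a benign plugin asset request,
# a URL-encoded probe against a placeholder plugin endpoint, and a non-plugin
# request that merely contains an SQL word.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/May/2024:12:00:01 +0000] "GET /wp-content/plugins/wp-automatic/css/style.css HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/May/2024:12:00:02 +0000] "POST /wp-content/plugins/wp-automatic/inc/endpoint.php?q=1%27%20UNION%20SELECT%201,2,3-- HTTP/1.1" 200 88',
    '192.0.2.9 - - [10/May/2024:12:00:03 +0000] "GET /?s=select+a+plan HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```

Standard access logs do not record POST bodies, so injection carried in a request body will only surface in WAF or application-level logging.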

🔗 References
