WordPress Automatic Plugin <= 3.92.0 is vulnerable to SQL Injection

Software Automatic Type Plugin Vulnerable versions = 3.92.0 Fixed in 3.92.1 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-27956 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID aeab56860169 Credits Rafie Muhammad Patchstack Required privilege...

WordPress Automatic Plugin <= 3.92.0 is vulnerable to Arbitrary File Download

Software Automatic Type Plugin Vulnerable versions = 3.92.0 Fixed in 3.92.1 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Download CVE CVE-2024-27954 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 9c2571e1c78b Credits Rafie Muhammad Patchstack...

WordPress Automatic Plugin <= 3.92.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Automatic Type Plugin Vulnerable versions = 3.92.0 Fixed in 3.92.1 OWASP Top 10 A8: Cross Site Request Forgery CSRF Classification Cross Site Request Forgery CSRF CVE CVE-2024-27955 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID cf1662afb1ce Credits Rafie Muhamma...

CVE-2021-4374 WordPress Automatic Plugin <= 3.53.2 - Unauthenticated Arbitrary Options Update

The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. This is due to missing authorization and option validation in the processform.php file. This makes it possible for unauthenticated attackers to arbitrarily update the...