WordPress CVE-2024-27956 RCE Exploit


vPython by Prapattimynk



In the attacks observed so far, CVE-2024-27956 is being used to run unauthorized database queries and create new admin accounts on susceptible WordPress sites (e.g., names starting with “xtw”), which could then be leveraged for follow-on post-exploitation actions.

This includes installing plugins that make it possible to upload files or edit code, indicating attempts to repurpose the infected sites as stagers.

“Once a WordPress site is compromised, attackers ensure the longevity of their access by creating backdoors and obfuscating the code,” WPScan said. “To evade detection and maintain access, attackers may also rename the vulnerable WP‑Automatic file, making it difficult for website owners or security tools to identify or block the issue.”

The file in question is “/wp‑content/plugins/wp‑automatic/inc/csv.php,” which is renamed to something like “/wp‑content/plugins/wp‑automatic/inc/csv65f82ab408b3.php.”

That said, it’s possible that the threat actors are doing so in an attempt to prevent other attackers from exploiting the sites already under their control.
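A site owner can check for the two indicators described above: a renamed csv handler in the WP-Automatic inc directory and administrator accounts whose names start with "xtw". The following is an added example, not code from the original page or from WPScan. The function names, the file-name pattern (generalised from the single renamed file quoted above) and the (login, role) user export format are assumptions.

```python
import re
import tempfile
from pathlib import Path

INC_DIR = Path("wp-content/plugins/wp-automatic/inc")
# Assumption: generalised from the one renamed file name quoted above
# (csv + hex-looking suffix + .php); tune it to what you actually observe.
RENAMED_CSV = re.compile(r"^csv[0-9a-f]{6,}\.php$", re.IGNORECASE)


def check_plugin_dir(wp_root):
    """Return (relative_path, original_csv_present) for each renamed csv file."""
    inc = Path(wp_root) / INC_DIR
    if not inc.is_dir():
        return []  # WP-Automatic not installed under this root
    names = sorted(p.name for p in inc.iterdir() if p.is_file())
    original_present = "csv.php" in names
    return [((INC_DIR / n).as_posix(), original_present)
            for n in names if RENAMED_CSV.match(n)]


def check_admins(users):
    """users: (login, role) rows exported from the site; flag 'xtw*' admins."""
    return [login for login, role in users
            if role == "administrator" and login.lower().startswith("xtw")]


if __name__ == "__main__":
    # Constructed sample data: a throwaway directory tree and a fake user export.
    with tempfile.TemporaryDirectory() as root:
        inc = Path(root) / INC_DIR
        inc.mkdir(parents=True)
        for name in ("csv65f82ab408b3.php", "csvhelper.php", "index.php"):
            (inc / name).touch()
        for path, original in check_plugin_dir(root):
            print(f"renamed csv handler: {path} (csv.php present: {original})")
    users = [("xtw0000example", "administrator"), ("alice", "administrator"),
             ("xtwreader", "subscriber")]
    for login in check_admins(users):
        print(f"review administrator account: {login}")
```

A hit from either check is a lead for review, not proof of compromise; a renamed file with no csv.php beside it matches the renaming behaviour WPScan describes.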


