
WP Automatic WordPress plugin hit by millions of SQL injection attacks

ID: 44a7c301-86bf-5ccb-9b2f-f7e78b7a23d3

STIX ID: report--44a7c301-86bf-5ccb-9b2f-f7e78b7a23d3

Feed Name: Bleeping Computer

Threat Score: 85/100

Date Published: 2024-04-25

Date Updated: 2026-04-20

Author: Bill Toulas

...
...

A critical SQL injection vulnerability (CVE-2024-27956, CVSS 9.9) in the WP Automatic WordPress plugin, affecting versions before 3.92.0, is being actively exploited to create administrator accounts and deploy backdoors. Automattic's WPScan has observed more than 5.5 million attack attempts and has published indicators of compromise: administrator accounts whose usernames start with "xtw", dropped files named web.php and index.php, and the plugin's csv.php file having been renamed. Site owners should update the plugin to 3.92.1 or later, check for the listed IOCs, and restore from a clean backup if the site has been compromised.
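The following sweep turns the three IOCs above into a check a site operator can run. It is an added example, not code from the Bleeping Computer article, from WPScan or from the plugin vendor. It assumes the standard `wp_` table prefix, that WordPress stores the role in the `wp_capabilities` usermeta key as a PHP-serialized array, and that the abused file lives at `wp-content/plugins/wp-automatic/inc/csv.php`; the user table and document root it runs against are constructed fixtures so it executes offline. On a real site, point `rogue_admins` at an SQLite or MySQL connection holding the users tables and `suspicious_files` at the web root.

```python
"""IOC sweep for the CVE-2024-27956 compromise pattern (added example)."""
import os
import re
import sqlite3
import tempfile

PLUGIN_DIR = os.path.join("wp-content", "plugins", "wp-automatic")
CSV_ENDPOINT = os.path.join(PLUGIN_DIR, "inc", "csv.php")  # assumed location of the abused file
UPLOADS_DIR = os.path.join("wp-content", "uploads")
SILENCE_STUB = b"<?php\n// Silence is golden.\n"           # WordPress's stock index.php placeholder
_PREFIX_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def rogue_admins(conn, prefix="wp_"):
    """Return administrator logins beginning with 'xtw' (the WPScan IOC).
    WordPress keeps the role in usermeta under '<prefix>capabilities' as a
    PHP-serialized array, so the serialized key is matched. The table prefix is
    operator config, not user input, but it cannot be bound as a parameter, so
    it is whitelisted before being interpolated into the statement."""
    if not _PREFIX_RE.match(prefix):
        raise ValueError("bad table prefix")
    sql = (
        f"SELECT u.user_login FROM {prefix}users u "
        f"JOIN {prefix}usermeta m ON m.user_id = u.ID "
        "WHERE m.meta_key = ? "
        "AND m.meta_value LIKE '%\"administrator\"%' "
        "AND u.user_login LIKE 'xtw%' "
        "ORDER BY u.user_login"
    )
    return [row[0] for row in conn.execute(sql, (prefix + "capabilities",))]


def _read(path):
    with open(path, "rb") as fh:
        return fh.read()


def suspicious_files(root):
    """Return sorted (reason, path) pairs for the file-system IOCs: the plugin's
    csv.php gone (attackers rename it after exploitation), any web.php, any PHP
    under wp-content/uploads (never legitimate), and index.php files that are
    not the stock stub (to be diffed against a clean install)."""
    findings = []
    plugin_present = os.path.isdir(os.path.join(root, PLUGIN_DIR))
    if plugin_present and not os.path.isfile(os.path.join(root, CSV_ENDPOINT)):
        findings.append(("csv.php missing or renamed", os.path.join(root, CSV_ENDPOINT)))
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        for name in files:
            path = os.path.join(dirpath, name)
            if name == "web.php":
                findings.append(("web.php backdoor name", path))
            elif name == "index.php" and _read(path) == SILENCE_STUB:
                continue  # stock placeholder, benign wherever it sits
            elif rel.startswith(UPLOADS_DIR) and name.lower().endswith(".php"):
                findings.append(("PHP file under uploads", path))
            elif name == "index.php":
                findings.append(("non-stub index.php, verify against clean copy", path))
    return sorted(findings)


def build_fixture():
    """Constructed sample data: an in-memory mirror of wp_users/wp_usermeta and
    a throw-away document root laid out like a post-compromise site."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT);"
        "CREATE TABLE wp_usermeta (user_id INTEGER, meta_key TEXT, meta_value TEXT);"
    )
    admin = 'a:1:{s:13:"administrator";b:1;}'
    conn.executemany("INSERT INTO wp_users VALUES (?, ?)", [
        (1, "siteowner"), (2, "xtwq7h2k"), (3, "xtwreader"), (4, "editor1")])
    conn.executemany("INSERT INTO wp_usermeta VALUES (?, ?, ?)", [
        (1, "wp_capabilities", admin),
        (2, "wp_capabilities", admin),                      # the rogue account
        (3, "wp_capabilities", 'a:1:{s:10:"subscriber";b:1;}'),
        (4, "wp_capabilities", 'a:1:{s:6:"editor";b:1;}')])
    root = tempfile.mkdtemp(prefix="wp-ioc-")
    os.makedirs(os.path.join(root, PLUGIN_DIR, "inc"))      # csv.php deliberately absent
    os.makedirs(os.path.join(root, UPLOADS_DIR, "2024", "04"))
    with open(os.path.join(root, PLUGIN_DIR, "index.php"), "wb") as fh:
        fh.write(SILENCE_STUB)
    with open(os.path.join(root, UPLOADS_DIR, "2024", "04", "web.php"), "wb") as fh:
        fh.write(b"<?php /* constructed stand-in for a dropped backdoor */\n")
    return conn, root


if __name__ == "__main__":
    conn, root = build_fixture()
    print("rogue admins:", rogue_admins(conn))
    for reason, path in suspicious_files(root):
        print(f"{reason}: {path}")
```

A clean result from this sweep is not proof of a clean site: the IOCs are the ones WPScan published for this campaign, and other attackers exploiting the same flaw may use different account names and file names, so treat the update to 3.92.1 as the control and the sweep as triage.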
