CVE-2024-6297
Several WordPress.org Plugins <= Various Versions - Injected Backdoor
Public Exploits: 0
Exploited in Wild: -
Descriptions
Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials, creates new malicious administrator users, and sends that data back to a remote server. Currently, not all plugins have been patched, and we strongly recommend uninstalling the plugins for the time being and running a complete malware scan.
Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials, creates new malicious administrator users, and sends that data back to a remote server. All plugins have since received updates reverting the added malicious code. For Simply Show Hooks, the affected version (1.2.1) is the same as the patched version (1.2.1); it does not appear that the malicious copy was ever officially released, so sites running 1.2.1 should be unaffected, though it is still a good idea to run a complete Wordfence scan and verify that no rogue administrator accounts are present.
CVSS Scores
SSVC
- Decision: Attend
Timeline
- 2024-06-24 CVE Published
- 2024-06-25 CVE Reserved
- 2024-10-08 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-506: Embedded Malicious Code
CAPEC
References (10)
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Warfareplugins | Social Sharing Plugin – Social Warfare | >= 4.4.6.4 <= 4.4.7.1 | en | Affected
Themerex | Contact Form 7 Multi-Step Addon | >= 1.0.4 <= 1.0.5 | en | Affected
Stuartobrien | Simply Show Hooks | >= 1.2.1 <= 1.2.2 | en | Affected
Pedrogusmao02 | Wrapper Link Elementor | >= 1.0.2 <= 1.0.3 | en | Affected
Blazeretail | BLAZE Retail Widget | >= 2.2.5 <= 2.5.2 | en | Affected