Lucene search

WordfenceCVELIST:CVE-2024-6297

HistoryJun 25, 2024 - 3:30 a.m.

CVE-2024-6297 Several WordPress.org Plugins <= Various Versions - Injected Backdoor

2024-06-2503:30:37

Wordfence

www.cve.org

wordpress

compromise

backdoor

malicious

database

credentials

administrator

user

patch

uninstall

malware

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

49.2%

JSON

Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. Currently, not all plugins have been patched and we strongly recommend uninstalling the plugins for the time being and running a complete malware scan.

CNA Affected

[
  {
    "vendor": "warfareplugins",
    "product": "Social Sharing Plugin – Social Warfare",
    "versions": [
      {
        "version": "4.4.6.4",
        "status": "affected",
        "lessThanOrEqual": "4.4.7.1",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "themerex",
    "product": "Contact Form 7 Multi-Step Addon",
    "versions": [
      {
        "version": "1.0.4",
        "status": "affected",
        "lessThanOrEqual": "1.0.5",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "stuartobrien",
    "product": "Simply Show Hooks",
    "versions": [
      {
        "version": "1.2.1",
        "status": "affected",
        "lessThanOrEqual": "1.2.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "pedrogusmao02",
    "product": "Wrapper Link Elementor",
    "versions": [
      {
        "version": "1.0.2",
        "status": "affected",
        "lessThanOrEqual": "1.0.3",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "blazeretail",
    "product": "BLAZE Retail Widget",
    "versions": [
      {
        "version": "2.2.5",
        "status": "affected",
        "lessThanOrEqual": "2.5.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

plugins.trac.wordpress.org/browser/blaze-widget/trunk/blaze_widget.php

plugins.trac.wordpress.org/browser/contact-form-7-multi-step-addon/trunk/trx-contact-form-7-multi-step-addon.php

plugins.trac.wordpress.org/browser/simply-show-hooks/trunk/index.php

plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L54

plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L583

plugins.trac.wordpress.org/browser/wrapper-link-elementor/trunk/wrapper.php?rev=3106508

plugins.trac.wordpress.org/changeset/3105893/

plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3106042%40social-warfare&new=3106042%40social-warfare&sfp_email=&sfph_mail=

wordpress.org/support/topic/a-security-message-from-the-plugin-review-team/

www.wordfence.com/threat-intel/vulnerabilities/id/56d24bc8-4a1a-4e60-aec5-960703a6058a?source=cve

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

49.2%

JSON

Related for CVELIST:CVE-2024-6297