CVE-2024-6297 (GCVE-0-2024-6297)

Vulnerability from cvelistv5 – Published: 2024-06-25 03:30 – Updated: 2024-08-01 21:33
Title
Several WordPress.org Plugins <= Various Versions - Injected Backdoor
Summary
Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. Currently, not all plugins have been patched and we strongly recommend uninstalling the plugins for the time being and running a complete malware scan.

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:warfareplugins:social_warfare:4.4.6.4:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "social_warfare",
            "vendor": "warfareplugins",
            "versions": [
              {
                "lessThanOrEqual": "4.4.7.1",
                "status": "affected",
                "version": "4.4.6.4",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6297",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-03T18:45:38.511409Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-30T17:28:54.948Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:33:05.337Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/56d24bc8-4a1a-4e60-aec5-960703a6058a?source=cve"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://wordpress.org/support/topic/a-security-message-from-the-plugin-review-team/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L54"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L583"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset/3105893/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3106042%40social-warfare\u0026new=3106042%40social-warfare\u0026sfp_email=\u0026sfph_mail="
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/simply-show-hooks/trunk/index.php"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/contact-form-7-multi-step-addon/trunk/trx-contact-form-7-multi-step-addon.php"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/wrapper-link-elementor/trunk/wrapper.php?rev=3106508"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/blaze-widget/trunk/blaze_widget.php"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Social Sharing Plugin \u2013 Social Warfare",
          "vendor": "warfareplugins",
          "versions": [
            {
              "lessThanOrEqual": "4.4.7.1",
              "status": "affected",
              "version": "4.4.6.4",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Contact Form 7 Multi-Step Addon",
          "vendor": "themerex",
          "versions": [
            {
              "lessThanOrEqual": "1.0.5",
              "status": "affected",
              "version": "1.0.4",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Simply Show Hooks",
          "vendor": "stuartobrien",
          "versions": [
            {
              "lessThanOrEqual": "1.2.2",
              "status": "affected",
              "version": "1.2.1",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Wrapper Link Elementor",
          "vendor": "pedrogusmao02",
          "versions": [
            {
              "lessThanOrEqual": "1.0.3",
              "status": "affected",
              "version": "1.0.2",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "BLAZE Retail Widget",
          "vendor": "blazeretail",
          "versions": [
            {
              "lessThanOrEqual": "2.5.2",
              "status": "affected",
              "version": "2.2.5",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. Currently, not all plugins have been patched and we strongly recommend uninstalling the plugins for the time being and running a complete malware scan."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-506 Embedded Malicious Code",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-25T03:30:37.970Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/56d24bc8-4a1a-4e60-aec5-960703a6058a?source=cve"
        },
        {
          "url": "https://wordpress.org/support/topic/a-security-message-from-the-plugin-review-team/"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L54"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L583"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3105893/"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3106042%40social-warfare\u0026new=3106042%40social-warfare\u0026sfp_email=\u0026sfph_mail="
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/simply-show-hooks/trunk/index.php"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/contact-form-7-multi-step-addon/trunk/trx-contact-form-7-multi-step-addon.php"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/wrapper-link-elementor/trunk/wrapper.php?rev=3106508"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/blaze-widget/trunk/blaze_widget.php"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-06-24T00:00:00.000+00:00",
          "value": "Disclosed"
        }
      ],
      "title": "Several WordPress.org Plugins \u003c= Various Versions  - Injected Backdoor"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-6297",
    "datePublished": "2024-06-25T03:30:37.970Z",
    "dateReserved": "2024-06-25T03:30:37.338Z",
    "dateUpdated": "2024-08-01T21:33:05.337Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

