FKIE_CVE-2024-6297

Vulnerability from fkie_nvd - Published: 2024-06-25 04:15 - Updated: 2024-11-21 09:49
Severity ?
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. Currently, not all plugins have been patched and we strongly recommend uninstalling the plugins for the time being and running a complete malware scan.
References
security@wordfence.comhttps://plugins.trac.wordpress.org/browser/blaze-widget/trunk/blaze_widget.php
security@wordfence.comhttps://plugins.trac.wordpress.org/browser/contact-form-7-multi-step-addon/trunk/trx-contact-form-7-multi-step-addon.php
security@wordfence.comhttps://plugins.trac.wordpress.org/browser/simply-show-hooks/trunk/index.php
security@wordfence.comhttps://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L54
security@wordfence.comhttps://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L583
security@wordfence.comhttps://plugins.trac.wordpress.org/browser/wrapper-link-elementor/trunk/wrapper.php?rev=3106508
security@wordfence.comhttps://plugins.trac.wordpress.org/changeset/3105893/
security@wordfence.comhttps://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3106042%40social-warfare&new=3106042%40social-warfare&sfp_email=&sfph_mail=
security@wordfence.comhttps://wordpress.org/support/topic/a-security-message-from-the-plugin-review-team/
security@wordfence.comhttps://www.wordfence.com/threat-intel/vulnerabilities/id/56d24bc8-4a1a-4e60-aec5-960703a6058a?source=cve
af854a3a-2127-422b-91ae-364da2661108https://plugins.trac.wordpress.org/browser/blaze-widget/trunk/blaze_widget.php
af854a3a-2127-422b-91ae-364da2661108https://plugins.trac.wordpress.org/browser/contact-form-7-multi-step-addon/trunk/trx-contact-form-7-multi-step-addon.php
af854a3a-2127-422b-91ae-364da2661108https://plugins.trac.wordpress.org/browser/simply-show-hooks/trunk/index.php
af854a3a-2127-422b-91ae-364da2661108https://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L54
af854a3a-2127-422b-91ae-364da2661108https://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L583
af854a3a-2127-422b-91ae-364da2661108https://plugins.trac.wordpress.org/browser/wrapper-link-elementor/trunk/wrapper.php?rev=3106508
af854a3a-2127-422b-91ae-364da2661108https://plugins.trac.wordpress.org/changeset/3105893/
af854a3a-2127-422b-91ae-364da2661108https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3106042%40social-warfare&new=3106042%40social-warfare&sfp_email=&sfph_mail=
af854a3a-2127-422b-91ae-364da2661108https://wordpress.org/support/topic/a-security-message-from-the-plugin-review-team/
af854a3a-2127-422b-91ae-364da2661108https://www.wordfence.com/threat-intel/vulnerabilities/id/56d24bc8-4a1a-4e60-aec5-960703a6058a?source=cve
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. Currently, not all plugins have been patched and we strongly recommend uninstalling the plugins for the time being and running a complete malware scan."
    },
    {
      "lang": "es",
      "value": "Varios complementos para WordPress alojados en WordPress.org se han visto comprometidos y se les han inyectado scripts PHP maliciosos. Un actor de amenaza malicioso comprometi\u00f3 el c\u00f3digo fuente de varios complementos e inyect\u00f3 c\u00f3digo que extrae las credenciales de la base de datos y se utiliza para crear nuevos usuarios administradores maliciosos y enviar esos datos a un servidor. Actualmente, no todos los complementos han sido parcheados y recomendamos encarecidamente desinstalarlos por el momento y ejecutar un an\u00e1lisis completo de malware."
    }
  ],
  "id": "CVE-2024-6297",
  "lastModified": "2024-11-21T09:49:23.010",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "security@wordfence.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-06-25T04:15:17.400",
  "references": [
    {
      "source": "security@wordfence.com",
      "url": "https://plugins.trac.wordpress.org/browser/blaze-widget/trunk/blaze_widget.php"
    },
    {
      "source": "security@wordfence.com",
      "url": "https://plugins.trac.wordpress.org/browser/contact-form-7-multi-step-addon/trunk/trx-contact-form-7-multi-step-addon.php"
    },
    {
      "source": "security@wordfence.com",
      "url": "https://plugins.trac.wordpress.org/browser/simply-show-hooks/trunk/index.php"
    },
    {
      "source": "security@wordfence.com",
      "url": "https://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L54"
    },
    {
      "source": "security@wordfence.com",
      "url": "https://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L583"
    },
    {
      "source": "security@wordfence.com",
      "url": "https://plugins.trac.wordpress.org/browser/wrapper-link-elementor/trunk/wrapper.php?rev=3106508"
    },
    {
      "source": "security@wordfence.com",
      "url": "https://plugins.trac.wordpress.org/changeset/3105893/"
    },
    {
      "source": "security@wordfence.com",
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3106042%40social-warfare\u0026new=3106042%40social-warfare\u0026sfp_email=\u0026sfph_mail="
    },
    {
      "source": "security@wordfence.com",
      "url": "https://wordpress.org/support/topic/a-security-message-from-the-plugin-review-team/"
    },
    {
      "source": "security@wordfence.com",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/56d24bc8-4a1a-4e60-aec5-960703a6058a?source=cve"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://plugins.trac.wordpress.org/browser/blaze-widget/trunk/blaze_widget.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://plugins.trac.wordpress.org/browser/contact-form-7-multi-step-addon/trunk/trx-contact-form-7-multi-step-addon.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://plugins.trac.wordpress.org/browser/simply-show-hooks/trunk/index.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L54"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L583"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://plugins.trac.wordpress.org/browser/wrapper-link-elementor/trunk/wrapper.php?rev=3106508"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://plugins.trac.wordpress.org/changeset/3105893/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3106042%40social-warfare\u0026new=3106042%40social-warfare\u0026sfp_email=\u0026sfph_mail="
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://wordpress.org/support/topic/a-security-message-from-the-plugin-review-team/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/56d24bc8-4a1a-4e60-aec5-960703a6058a?source=cve"
    }
  ],
  "sourceIdentifier": "security@wordfence.com",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.