CVE-2024-6297: Several WordPress.org Plugins <= Various Versions - Injected Backdoor
First published: Tue Jun 25 2024(Updated: )
Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. Currently, not all plugins have been patched and we strongly recommend uninstalling the plugins for the time being and running a complete malware scan.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WordPress Plugins | <=Various Versions |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.wordfence.com/threat-intel/vulnerabilities/id/56d24bc8-4a1a-4e60-aec5-960703a6058a?source=cve
- https://wordpress.org/support/topic/a-security-message-from-the-plugin-review-team/
- https://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L54
- https://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L583
- https://plugins.trac.wordpress.org/changeset/3105893/
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3106042%40social-warfare&new=3106042%40social-warfare&sfp_email=&sfph_mail=
- https://plugins.trac.wordpress.org/browser/simply-show-hooks/trunk/index.php
- https://plugins.trac.wordpress.org/browser/contact-form-7-multi-step-addon/trunk/trx-contact-form-7-multi-step-addon.php
- https://plugins.trac.wordpress.org/browser/wrapper-link-elementor/trunk/wrapper.php?rev=3106508
- https://plugins.trac.wordpress.org/browser/blaze-widget/trunk/blaze_widget.php
Frequently Asked Questions
What is the severity of CVE-2024-6297?
The severity of CVE-2024-6297 is considered high due to the potential for database credential exfiltration and unauthorized access.
How do I fix CVE-2024-6297?
To fix CVE-2024-6297, you should immediately update any affected WordPress plugins to their latest secure versions.
What plugins are affected by CVE-2024-6297?
CVE-2024-6297 affects several WordPress plugins that have been compromised, though the exact list may vary.
What should I do if I suspect my site is compromised due to CVE-2024-6297?
If you suspect a compromise from CVE-2024-6297, perform a thorough security audit and restore your site from a clean backup.
How can I prevent vulnerabilities like CVE-2024-6297 in the future?
To prevent future vulnerabilities like CVE-2024-6297, regularly update all plugins and themes and implement strong security practices for your WordPress site.
- agent/weakness
- agent/title
- agent/references
- agent/first-publish-date
- agent/description
- agent/type
- agent/severity
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/wordpress
- canonical/wordpress plugins