CVE-2024-6297

Summary

Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. Currently, not all plugins have been patched and we strongly recommend uninstalling the plugins for the time being and running a complete malware scan.

Affected Software

VendorProductVersion RangeStatus
warfarepluginsSocial Sharing Plugin – Social Warfare4.4.6.4 <= 4.4.7.1affected
themerexContact Form 7 Multi-Step Addon1.0.4 <= 1.0.5affected
stuartobrienSimply Show Hooks1.2.1 <= 1.2.2affected
pedrogusmao02Wrapper Link Elementor1.0.2 <= 1.0.3affected
blazeretailBLAZE Retail Widget2.2.5 <= 2.5.2affected

Weaknesses

  • CWE-506 Embedded Malicious Code

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References