multiple WordPress plugins: embedded malicious PHP code (CVE-2024-6297) #shorts #breaking

CVE

CVE-2024-6297 highlights a critical vulnerability in multiple WordPress plugins, notably including Social Warfare, Contact Form 7 Multi-Step Addon, Simply Show Hooks, Wrapper Link Elementor, and BLAZE Retail Widget. Discovered 0 months ago, this zero-day vulnerability involves the injection of malicious PHP code into the plugins. The compromised code allows attackers to exfiltrate database credentials and create unauthorized administrator users. As a result, WordPress plugin users are at high risk. The exploit has already affected several users, necessitating immediate attention from all individuals and organizations utilizing these plugins.

This chain involves the following actors

This following systems are involved

Attack entry point

Remediation actions

Exploitation actions

• https://www.wordfence.com/threat-intel/vulnerabilities/id/56d24bc8-4a1a-4e60-aec5-960703a6058a?source=cve
• https://wordpress.org/support/topic/a-security-message-from-the-plugin-review-team/
• https://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L54
• https://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L583
• https://plugins.trac.wordpress.org/changeset/3105893/
• https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3106042%40social-warfare&new=3106042%40social-warfare&sfp_email=&sfph_mail=
• https://plugins.trac.wordpress.org/browser/simply-show-hooks/trunk/index.php
• https://plugins.trac.wordpress.org/browser/contact-form-7-multi-step-addon/trunk/trx-contact-form-7-multi-step-addon.php
• https://plugins.trac.wordpress.org/browser/wrapper-link-elementor/trunk/wrapper.php?rev=3106508
• https://plugins.trac.wordpress.org/browser/blaze-widget/trunk/blaze_widget.php