CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Percentile: 49.1%
Several WordPress plugins hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials, creates new malicious administrator users, and sends that data back to a server. Not all of the plugins have been patched yet, so we strongly recommend uninstalling them for the time being and running a complete malware scan.
[
  {
    "vendor": "warfareplugins",
    "product": "Social Sharing Plugin – Social Warfare",
    "versions": [
      {
        "version": "4.4.6.4",
        "status": "affected",
        "lessThanOrEqual": "4.4.7.1",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "themerex",
    "product": "Contact Form 7 Multi-Step Addon",
    "versions": [
      {
        "version": "1.0.4",
        "status": "affected",
        "lessThanOrEqual": "1.0.5",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "stuartobrien",
    "product": "Simply Show Hooks",
    "versions": [
      {
        "version": "1.2.1",
        "status": "affected",
        "lessThanOrEqual": "1.2.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "pedrogusmao02",
    "product": "Wrapper Link Elementor",
    "versions": [
      {
        "version": "1.0.2",
        "status": "affected",
        "lessThanOrEqual": "1.0.3",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "blazeretail",
    "product": "BLAZE Retail Widget",
    "versions": [
      {
        "version": "2.2.5",
        "status": "affected",
        "lessThanOrEqual": "2.5.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
plugins.trac.wordpress.org/browser/blaze-widget/trunk/blaze_widget.php
plugins.trac.wordpress.org/browser/contact-form-7-multi-step-addon/trunk/trx-contact-form-7-multi-step-addon.php
plugins.trac.wordpress.org/browser/simply-show-hooks/trunk/index.php
plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L54
plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L583
plugins.trac.wordpress.org/browser/wrapper-link-elementor/trunk/wrapper.php?rev=3106508
plugins.trac.wordpress.org/changeset/3105893/
plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3106042%40social-warfare&new=3106042%40social-warfare&sfp_email=&sfph_mail=
wordpress.org/support/topic/a-security-message-from-the-plugin-review-team/
www.wordfence.com/threat-intel/vulnerabilities/id/56d24bc8-4a1a-4e60-aec5-960703a6058a?source=cve