Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


PSA: Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor Plugin
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

PSA: Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor Plugin

tentortentor Member, Patron Provider

The Wordfence Threat Intelligence Team has recently been informed of a phishing campaign targeting WordPress users. The Phishing email claims to be from the WordPress team and warns of a Remote Code Execution vulnerability on the user’s site with an identifier of CVE-2023-45124, which is not currently a valid CVE. The email prompts the victim to download a “Patch” plugin and install it.

https://www.wordfence.com/blog/2023/12/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin/

Comments

  • I'm so glad I don't run any Wordpress instances, but this should be pinned as lots of users here may be running Wordpress.

  • Oh damn, this is gold. Tricking people into installing a virus disguised as a patch for a cve.

    Thanked by 1chitree
  • FlorinMarianFlorinMarian Member, Patron Provider
    edited December 2023

    I installed this plugin on our whmcs and now it lighter since our income balance became negative.

    Thanked by 2chitree sillycat
Sign In or Register to comment.