Injected Backdoor Vulnerability Impacts Multiple WordPress Plugins (CVE-2024-6297)

Multiple WordPress plugins distributed through WordPress.org are affected by a critical vulnerability tracked as CVE-2024-6297, which carries a CVSS score of 10.0. Thirteen plugins are known to be affected.

This is not a coding flaw in the plugins themselves: their source on WordPress.org was tampered with, and malicious PHP was injected into released versions, so any site that installed or updated to one of the affected versions ran the attacker's code. As the Wordfence advisory (see References) puts it, “A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious administrator users and send that data back to a server.”

Affected versions

  • WPCOM Member versions 1.3.15 and 1.3.16
  • Twenty20 Image Before-After versions 1.5.4, 1.6.2 and 1.6.3
  • Britetechs Companion version 2.2.7
  • SEO Optimized Images version 2.1.2
  • WP Server Health Stats version 1.7.6
  • Simply Show Hooks versions 1.2.1 to 1.2.2
  • BLAZE Retail Widget versions 2.2.5 to 2.5.2
  • Ad Invalid Click Protector (AICP) version 1.2.9
  • Wrapper Link Elementor versions 1.0.2 to 1.0.3
  • Pods – Custom Content Types and Fields version 3.2.3
  • Contact Form 7 Multi-Step Addon versions 1.0.4 to 1.0.5
  • Social Sharing Plugin – Social Warfare versions 4.4.6.4 to 4.4.7.1
  • PowerPress Podcasting plugin by Blubrry versions 11.9.3 to 11.9.4

Mitigation

Update each affected plugin to the version listed below (for WPCOM Member and Pods the listed version is older than the affected ones, meaning the compromised releases were withdrawn and the clean version is a revert). Because the injected code ran with the site's own privileges and exfiltrated database credentials, updating alone does not undo an existing compromise: also review the site's administrator accounts for users you did not create, and rotate the database credentials.

  • WPCOM Member version 1.3.14
  • BLAZE Retail Widget version 2.5.4
  • SEO Optimized Images version 2.1.4
  • Britetechs Companion version 2.2.8
  • WP Server Health Stats version 1.7.8
  • Wrapper Link Elementor version 1.0.5
  • Twenty20 Image Before-After version 1.6.4
  • Ad Invalid Click Protector (AICP) version 1.2.11
  • Contact Form 7 Multi-Step Addon version 1.0.7
  • Social Sharing Plugin – Social Warfare version 4.4.7.3
  • Pods – Custom Content Types and Fields version 3.2.2
  • PowerPress Podcasting plugin by Blubrry version 11.9.6

NOTE: No clean release of Simply Show Hooks had been published at the time of writing; remove the plugin until one is available.
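The affected and fixed lists above are effectively a lookup table, and the mistake to avoid when checking them is comparing version strings lexically (4.4.7.1 versus 4.4.6.4, or 1.2.11 versus 1.2.9). The script below, added here as an illustration and not part of the advisory or of any Qualys or Wordfence tooling, compares the output of `wp plugin list --fields=name,version --format=csv` against the affected ranges component by component and prints the version to move to. The plugin slugs are assumed from the plugin names on this page and the sample plugin list is constructed; confirm the slugs against the `wp-content/plugins` directory of your own install before relying on them.

```shell
# Added example: flag installed plugins that fall in a CVE-2024-6297 affected range.
# Input shape is that of: wp plugin list --fields=name,version --format=csv
# Slugs are assumed from the plugin names; confirm them against wp-content/plugins/.
# slug  first_affected  last_affected   (one line per contiguous range)
AFFECTED='
wpcom-member 1.3.15 1.3.16
twenty20 1.5.4 1.5.4
twenty20 1.6.2 1.6.3
britetechs-companion 2.2.7 2.2.7
seo-optimized-images 2.1.2 2.1.2
wp-server-health-stats 1.7.6 1.7.6
simply-show-hooks 1.2.1 1.2.2
blaze-widget 2.2.5 2.5.2
ad-invalid-click-protector 1.2.9 1.2.9
wrapper-link-elementor 1.0.2 1.0.3
pods 3.2.3 3.2.3
contact-form-7-multi-step-addon 1.0.4 1.0.5
social-warfare 4.4.6.4 4.4.7.1
powerpress 11.9.3 11.9.4
'
# slug  version_to_move_to   ("none": no clean release listed, remove the plugin)
SAFE='
wpcom-member 1.3.14
blaze-widget 2.5.4
seo-optimized-images 2.1.4
britetechs-companion 2.2.8
wp-server-health-stats 1.7.8
wrapper-link-elementor 1.0.5
twenty20 1.6.4
ad-invalid-click-protector 1.2.11
contact-form-7-multi-step-addon 1.0.7
social-warfare 4.4.7.3
pods 3.2.2
powerpress 11.9.6
simply-show-hooks none
'

# vercmp A B: print -1, 0 or 1 for A<B, A=B, A>B. Components are compared
# numerically (so 1.2.11 > 1.2.9); missing trailing components count as 0.
vercmp() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, x, "."); nb = split(b, y, ".")
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      p = (i <= na) ? x[i] + 0 : 0
      q = (i <= nb) ? y[i] + 0 : 0
      if (p < q) { print -1; exit }
      if (p > q) { print 1; exit }
    }
    print 0
  }'
}

# is_affected SLUG VERSION: succeed if VERSION lies in an affected range for SLUG.
# A here-document (not a pipe) keeps the loop in the current shell so "return" works.
is_affected() {
  while read -r slug lo hi; do
    if [ "$slug" = "$1" ] && [ "$(vercmp "$2" "$lo")" -ge 0 ] && [ "$(vercmp "$2" "$hi")" -le 0 ]; then
      return 0
    fi
  done <<EOF
$AFFECTED
EOF
  return 1
}

# safe_version SLUG: print the version to move to, or "none" if unknown.
safe_version() {
  while read -r slug ver; do
    if [ "$slug" = "$1" ]; then printf '%s\n' "$ver"; return 0; fi
  done <<EOF
$SAFE
EOF
  printf 'none\n'
}

# scan_plugins: read "name,version" CSV on stdin, report each hit, fail if any.
scan_plugins() {
  hits=0
  while IFS=, read -r name version _rest; do
    if [ -z "$name" ] || [ "$name" = "name" ]; then continue; fi   # blank line or CSV header
    if is_affected "$name" "$version"; then
      hits=$((hits + 1))
      fix=$(safe_version "$name")
      if [ "$fix" = "none" ]; then
        printf '%s %s AFFECTED: no clean release listed, remove the plugin\n' "$name" "$version"
      else
        printf '%s %s AFFECTED: move to %s\n' "$name" "$version" "$fix"
      fi
    fi
  done
  [ "$hits" -eq 0 ]
}

# Constructed sample in the shape wp-cli emits; replace with real output.
SAMPLE='name,version
akismet,5.3.2
social-warfare,4.4.7.1
pods,3.2.2
simply-show-hooks,1.2.1'
printf '%s\n' "$SAMPLE" | scan_plugins \
  || echo "Affected plugins found: update or remove them, then audit admin users."
```

On the sample, `social-warfare 4.4.7.1` and `simply-show-hooks 1.2.1` are reported and `pods 3.2.2` is not, since 3.2.2 sits just below the single affected release 3.2.3. To run it against a live site, source the file and pipe the real wp-cli output into `scan_plugins`; a non-zero exit status makes it usable as a CI or cron check.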

Qualys Detection

Qualys customers can scan their assets with QID 731607 to detect installations of the affected plugin versions.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References

https://www.wordfence.com/threat-intel/vulnerabilities/detail/several-wordpressorg-plugins-various-versions-injected-backdoor
