cvedb.io
CVE-2024-6297
CRITICAL · CVSS 10
EPSS exploitation probability: 0%
Published 2024-06-25T04:15:17.400 · Last modified 2026-06-17T08:17:43.987

Summary

Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. Currently, not all plugins have been patched and we strongly recommend uninstalling the plugins for the time being and running a complete malware scan.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.