{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6297", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-06-25T03:30:37.338Z", "datePublished": "2024-06-25T03:30:37.970Z", "dateUpdated": "2024-08-01T21:33:05.337Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-06-25T03:30:37.970Z"}, "affected": [{"vendor": "warfareplugins", "product": "Social Sharing Plugin \u2013 Social Warfare", "versions": [{"version": "4.4.6.4", "status": "affected", "lessThanOrEqual": "4.4.7.1", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "themerex", "product": "Contact Form 7 Multi-Step Addon", "versions": [{"version": "1.0.4", "status": "affected", "lessThanOrEqual": "1.0.5", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "stuartobrien", "product": "Simply Show Hooks", "versions": [{"version": "1.2.1", "status": "affected", "lessThanOrEqual": "1.2.2", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "pedrogusmao02", "product": "Wrapper Link Elementor", "versions": [{"version": "1.0.2", "status": "affected", "lessThanOrEqual": "1.0.3", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "blazeretail", "product": "BLAZE Retail Widget", "versions": [{"version": "2.2.5", "status": "affected", "lessThanOrEqual": "2.5.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. Currently, not all plugins have been patched and we strongly recommend uninstalling the plugins for the time being and running a complete malware scan."}], "title": "Several WordPress.org Plugins <= Various Versions - Injected Backdoor", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/56d24bc8-4a1a-4e60-aec5-960703a6058a?source=cve"}, {"url": "https://wordpress.org/support/topic/a-security-message-from-the-plugin-review-team/"}, {"url": "https://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L54"}, {"url": "https://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L583"}, {"url": "https://plugins.trac.wordpress.org/changeset/3105893/"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3106042%40social-warfare&new=3106042%40social-warfare&sfp_email=&sfph_mail="}, {"url": "https://plugins.trac.wordpress.org/browser/simply-show-hooks/trunk/index.php"}, {"url": "https://plugins.trac.wordpress.org/browser/contact-form-7-multi-step-addon/trunk/trx-contact-form-7-multi-step-addon.php"}, {"url": "https://plugins.trac.wordpress.org/browser/wrapper-link-elementor/trunk/wrapper.php?rev=3106508"}, {"url": "https://plugins.trac.wordpress.org/browser/blaze-widget/trunk/blaze_widget.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-506 Embedded Malicious Code"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "baseScore": 10, "baseSeverity": "CRITICAL"}}], "timeline": [{"time": "2024-06-24T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"affected": [{"vendor": "warfareplugins", "product": "social_warfare", "cpes": ["cpe:2.3:a:warfareplugins:social_warfare:4.4.6.4:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "4.4.6.4", "status": "affected", "lessThanOrEqual": "4.4.7.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-03T18:45:38.511409Z", "id": "CVE-2024-6297", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-30T17:28:54.948Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:33:05.337Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/56d24bc8-4a1a-4e60-aec5-960703a6058a?source=cve", "tags": ["x_transferred"]}, {"url": "https://wordpress.org/support/topic/a-security-message-from-the-plugin-review-team/", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L54", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L583", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/3105893/", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3106042%40social-warfare&new=3106042%40social-warfare&sfp_email=&sfph_mail=", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/simply-show-hooks/trunk/index.php", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/contact-form-7-multi-step-addon/trunk/trx-contact-form-7-multi-step-addon.php", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/wrapper-link-elementor/trunk/wrapper.php?rev=3106508", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/blaze-widget/trunk/blaze_widget.php", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/56d24bc8-4a1a-4e60-aec5-960703a6058a?source=cve", "tags": ["x_transferred"]}, {"url": "https://wordpress.org/support/topic/a-security-message-from-the-plugin-review-team/", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L54", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L583", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/3105893/", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3106042%40social-warfare&new=3106042%40social-warfare&sfp_email=&sfph_mail=", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/simply-show-hooks/trunk/index.php", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/contact-form-7-multi-step-addon/trunk/trx-contact-form-7-multi-step-addon.php", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/wrapper-link-elementor/trunk/wrapper.php?rev=3106508", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/blaze-widget/trunk/blaze_widget.php", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:33:05.337Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6297", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-03T18:45:38.511409Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:warfareplugins:social_warfare:4.4.6.4:*:*:*:*:*:*:*"], "vendor": "warfareplugins", "product": "social_warfare", "versions": [{"status": "affected", "version": "4.4.6.4", "versionType": "custom", "lessThanOrEqual": "4.4.7.1"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-03T18:56:11.289Z"}}], "cna": {"title": "Several WordPress.org Plugins <= Various Versions - Injected Backdoor", "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 10, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}}], "affected": [{"vendor": "warfareplugins", "product": "Social Sharing Plugin \u2013 Social Warfare", "versions": [{"status": "affected", "version": "4.4.6.4", "versionType": "semver", "lessThanOrEqual": "4.4.7.1"}], "defaultStatus": "unaffected"}, {"vendor": "themerex", "product": "Contact Form 7 Multi-Step Addon", "versions": [{"status": "affected", "version": "1.0.4", "versionType": "semver", "lessThanOrEqual": "1.0.5"}], "defaultStatus": "unaffected"}, {"vendor": "stuartobrien", "product": "Simply Show Hooks", "versions": [{"status": "affected", "version": "1.2.1", "versionType": "semver", "lessThanOrEqual": "1.2.2"}], "defaultStatus": "unaffected"}, {"vendor": "pedrogusmao02", "product": "Wrapper Link Elementor", "versions": [{"status": "affected", "version": "1.0.2", "versionType": "semver", "lessThanOrEqual": "1.0.3"}], "defaultStatus": "unaffected"}, {"vendor": "blazeretail", "product": "BLAZE Retail Widget", "versions": [{"status": "affected", "version": "2.2.5", "versionType": "semver", "lessThanOrEqual": "2.5.2"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-06-24T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/56d24bc8-4a1a-4e60-aec5-960703a6058a?source=cve"}, {"url": "https://wordpress.org/support/topic/a-security-message-from-the-plugin-review-team/"}, {"url": "https://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L54"}, {"url": "https://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L583"}, {"url": "https://plugins.trac.wordpress.org/changeset/3105893/"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3106042%40social-warfare&new=3106042%40social-warfare&sfp_email=&sfph_mail="}, {"url": "https://plugins.trac.wordpress.org/browser/simply-show-hooks/trunk/index.php"}, {"url": "https://plugins.trac.wordpress.org/browser/contact-form-7-multi-step-addon/trunk/trx-contact-form-7-multi-step-addon.php"}, {"url": "https://plugins.trac.wordpress.org/browser/wrapper-link-elementor/trunk/wrapper.php?rev=3106508"}, {"url": "https://plugins.trac.wordpress.org/browser/blaze-widget/trunk/blaze_widget.php"}], "descriptions": [{"lang": "en", "value": "Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. Currently, not all plugins have been patched and we strongly recommend uninstalling the plugins for the time being and running a complete malware scan."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-506 Embedded Malicious Code"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-06-25T03:30:37.970Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6297", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:33:05.337Z", "dateReserved": "2024-06-25T03:30:37.338Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-06-25T03:30:37.970Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. Currently, not all plugins have been patched and we strongly recommend uninstalling the plugins for the time being and running a complete malware scan."}, {"lang": "es", "value": "Varios complementos para WordPress alojados en WordPress.org se han visto comprometidos y se les han inyectado scripts PHP maliciosos. Un actor de amenaza malicioso comprometi\u00f3 el c\u00f3digo fuente de varios complementos e inyect\u00f3 c\u00f3digo que extrae las credenciales de la base de datos y se utiliza para crear nuevos usuarios administradores maliciosos y enviar esos datos a un servidor. Actualmente, no todos los complementos han sido parcheados y recomendamos encarecidamente desinstalarlos por el momento y ejecutar un an\u00e1lisis completo de malware."}], "id": "CVE-2024-6297", "lastModified": "2024-11-21T09:49:23.010", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2024-06-25T04:15:17.400", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/blaze-widget/trunk/blaze_widget.php"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/contact-form-7-multi-step-addon/trunk/trx-contact-form-7-multi-step-addon.php"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/simply-show-hooks/trunk/index.php"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L54"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L583"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/wrapper-link-elementor/trunk/wrapper.php?rev=3106508"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3105893/"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3106042%40social-warfare&new=3106042%40social-warfare&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://wordpress.org/support/topic/a-security-message-from-the-plugin-review-team/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/56d24bc8-4a1a-4e60-aec5-960703a6058a?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://plugins.trac.wordpress.org/browser/blaze-widget/trunk/blaze_widget.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://plugins.trac.wordpress.org/browser/contact-form-7-multi-step-addon/trunk/trx-contact-form-7-multi-step-addon.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://plugins.trac.wordpress.org/browser/simply-show-hooks/trunk/index.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L54"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L583"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://plugins.trac.wordpress.org/browser/wrapper-link-elementor/trunk/wrapper.php?rev=3106508"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://plugins.trac.wordpress.org/changeset/3105893/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3106042%40social-warfare&new=3106042%40social-warfare&sfp_email=&sfph_mail="}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://wordpress.org/support/topic/a-security-message-from-the-plugin-review-team/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/56d24bc8-4a1a-4e60-aec5-960703a6058a?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Awaiting Analysis"}

{}