Home / Vulnerabilities / Critical / CVE-2024-6297 WordPress Plugin Backdoor

CVE-2024-6297 WordPress Plugin Backdoor

Severity: Critical

Summary#

Invicti detected an indicator suggesting that the scanned application was backdoored.

The detected payload was part of an attack on WordPress plugin maintainers and placed in various different WordPress plugins.

Impact#

An attacker can execute arbitrary commands on the system or run JavaScript code under the context of your web application.

Actions To Take#

Remove the identified web backdoor from your web server.
Ensure that all of the WordPress plugins on your website are up-to-date.

Classifications#

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, PCI v3.2-6.5.6, CAPEC-443, CWE-507, HIPAA-164.308(a), ISO27001-A.12.2.1, OWASP 2017-A10

Invicti Security Insights

The SANS/CWE Top 25 dangerous software errors of 2021

Related Articles

Build your resistance to threats. And save hundreds of hours each month.

Get a demo See how it works