Beware of Spoof EMail from mailing-wordpress.org
-
WARNING
Received the following SPOOF email a few minutes ago:
Dear user
The WordPress Security Team has detected a critical vulnerability on the website: <u>counterbalanceshop.com</u>
The Remote Code Execution (RCE) vulnerability found on your site is classified as a critical threat, potentially enabling malicious code execution and putting your data, user informations, and overall site security at risk.
We urge you to use the CVE-2024-46188 Patch immediately, as we are working on addressing this critical security flaw in the upcoming WordPress update.
Simply download the plugin by clicking the button below, install and activate it on your site. This establishes swift and hassle-free protection against potential exploits and malicious actions related with this vulnerability.
Download Plugin
Sincerely,
The WordPress Team
A WHOIS search reveals that the domain was created a few days ago and is not affiliated with the real WordPress. We did not click on the link since I always check the sender of any email that includes links to outside sites.
The blog I need help with is: (visible only to logged in users)
-
I just received this as well, I was a little weary and wanted to check and see if this was real or a fake SPOOF. Thank you for the heads up.
-
I try to be proactive when I get this crap! I tried to actually contact support @ WordPress- futile gesture! Even posted on Xwitter to no avail! Normally I contact the domain registrar to delete the fake domain but if WordPress doesn’t GAS then I’m not going through the effort.
-
This is well-known since december 2023, https://wordpress.org/news/2023/12/alert-wordpress-security-team-impersonation-scams/
- The topic ‘Beware of Spoof EMail from mailing-wordpress.org’ is closed to new replies.
WordPress.com Forums 