CVE-2024-46188 Patch?
-
I got an email about a security patch and need to download a plugin for it. I want to make sure it's a legit patch and not a virus or malicious thing.
Self-declared URL: emeryallen.com
Jetpack: Unknown
WP.com: Unknown
The blog I need help with is: (visible only to logged in users)
-
I also received this very convincing email this morning and noticed the bit.ly links in it and the us-wordpress.com domain before getting very far. Other links on the page it goes to have links to true wordpress.org resources. Definitely an attempt to hijack a site.
Dear user
The WordPress Security Team has found a critical vulnerability on the website: [Redacted]
The Remote Code Execution (RCE) vulnerability detected on your site is categorized as a critical threat, potentially enabling malicious code execution and putting your data, user informations, and overall site security at risk.
We urge you to apply the CVE-2024-46188 Patch as soon as possible, as we are working on addressing this crucial security flaw in the next WordPress version.
Simply download the plugin by clicking the button below, install and activate it on your site. This establishes rapid and seamless defense against potential exploits and malicious actions associated with this vulnerability.
Download Plugin
Regards,
The WordPress Team.
-
Hi there!
Looking into this, the WordPress.org team – which is separate from us here at WordPress.com and the ones who create the WordPress software – had an announcement of a phishing attempt and that you should ignore: https://wordpress.org/news/2023/12/alert-wordpress-security-team-impersonation-scams/
They also advise:
The WordPress Security Team will never email you requesting that you install a plugin or theme on your site, and will never ask for an administrator username and password.
-from the above linked post
I hope that helps! And good job being suspicious of that email! Feel free to delete and ignore these.
Let us know if you have any other questions.
-
I received the same phishing email only from (email visible only to moderators and staff)
-
Thank you, I also got the same email and found this topic/post here while researching "CVE-2024-46188 Patch immediately", and I'm glad I did. I will ignore the email as well.
-
I also received the following email, sent to my info@ email, for my WooCommerce site, (Wild As The Wind Natural Skincare & Essential Oils UK). I also run a WordPress information site, but have received no notification for this one.
The email contains an embedded link to my website, and the format is convincing.
Thankfully, I didn’t click the tab provided.
I also received a phishing email from my hosting company last week, saying that I owed money. It was a demand for payment for just over £10.00. Again, the format of the email was really convincing.
All of this is deeply concerning!
Dear user
The WordPress Security Team has detected a critical vulnerability on the website: <u>wildasthewind.com</u>
The Remote Code Execution (RCE) vulnerability detected on your site is categorized as a high-risk threat, potentially enabling malicious code execution and putting your data, user details, and overall site security at risk.
We urge you to apply the CVE-2024-46188 Patch immediately, while we are working on fixing this important security concern in the upcoming WordPress update.
Simply download the plugin by clicking the button below, install and activate it on your site. This establishes quick and seamless protection against potential exploits and malicious actions related to this vulnerability.
-
By the way, the sending email address to me was visible: (email visible only to moderators and staff)
Again, completely convincing! (Not like the “email visible only to moderators and staff” versions of the email others have received.)
-
Hi @insigniabooks @momalwaysknowscom and @wilddigital
Thanks for sharing additional details. They definitively look like phishing attempts.
Please ignore those emails. As indicated above, we will never email you requesting that you should install a plugin or theme on your site or ask for a username or password.
If you ever need to update your plugins, please do this from the plugins section on your dashboard.
-
Hi @staff-oikake and @staff-heroponriki,
We also received this phishing email. Would it be helpful to report to the Security Team on HackerOne? Or not since it seems WordPress is aware of the situation?
Thanks for your guidance!
-
@honeyagencyadmin reporting that email won't help much as they regularly change the sender's email address.
Simply ignore those emails and mark them as spam.
-
Received the same email. It was a bit suspicious but at the same time I was worried about my website. Glad to see that the phishing attempt has been already flagged!
-
That CVE-2024-46188 email is still filtering out to various WP-based sites. Just got one for my WooCommerce site.
I LOL'd, already knowing it was a scam, but as many have said, it's pretty convincing on the surface.
Wonder if someone has reported it to Amazon simple email services (amazonses.com) yet as they seem to be using that..
-
Hi, I received the exact same email and I recently had my website hacked (or so I am being told by the developer). I clicked on the link button, which downloaded a zipped folder containing a few PHP files. I haven't done anything else as I became a bit suspicious. Nothing has gone wrong with my website as of yet. Can anyone advise if this would have compromised my website already? Is there anything I can do to prevent any attacks?
Any advice would be appreciated.
-
To add to this, I haven't installed the plugin or attempted to open any files within the zipped folder. It just downloaded as soon as I clicked on the link and I simply browsed to see the content. But never did I attempt to open any of the files. I am hoping that this wouldn't cause any issues, but any advice will be appreciated. I also deleted the folder soon after.
-
Hi,
I DID install the “patch” and a third party logged into my WP dashboard as admin. However, they do not appear in the user list. It says “3 admins” at the top, but when I click on it, it only shows 2: the web designer and myself.
The plugin that I installed is not showing in the active plugins list either, so I cannot de-activate it.
How can I get rid of this?
thanks
-
Might want to read https://www.wordfence.com/blog/2023/12/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin/ for some info that may help you remove this.
You will need access to editing your database to remove the fake admin most likely.
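The symptom in the post above (the dashboard says "3 admins" but lists two, and the installed plugin is missing from the active-plugins page) is what it looks like when a plugin hooks the PHP code that renders those screens. The database itself cannot be filtered that way, so the check is to read the user and option tables directly. The script below is an added example, not code from this thread or from WordPress: it runs the two queries against an in-memory SQLite stand-in for the real MySQL `wp_users`, `wp_usermeta` and `wp_options` tables (default `wp_` table prefix assumed), with constructed sample rows for two legitimate admins, one rogue admin and a hypothetical plugin path, and then shows the database-side removal the reply recommends. On a live site, run the same SQL through the mysql client, phpMyAdmin or `wp db query`.

```python
"""Audit a WordPress database for administrators and active plugins that
a malicious "patch" plugin is hiding from the dashboard.

Added example, not from the thread or from WordPress. Tables are an
in-memory SQLite stand-in for MySQL wp_users / wp_usermeta / wp_options
(default "wp_" prefix assumed). Every login, e-mail address and plugin
path here is a constructed sample.
"""
import re
import sqlite3

# WordPress stores roles and the active-plugin list as PHP-serialized
# strings. Two small regexes pull out what we need: every quoted string,
# and the administrator flag inside a wp_capabilities value.
PHP_STRING = re.compile(r's:\d+:"([^"]*)";')
ADMIN_ROLE = re.compile(r's:13:"administrator";b:1;')


def load_sample_db() -> sqlite3.Connection:
    """Stand-in tables: two legitimate admins, one rogue admin created by
    the fake plugin, and the fake plugin listed in active_plugins."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT,
                               user_email TEXT, user_registered TEXT);
        CREATE TABLE wp_usermeta (user_id INTEGER, meta_key TEXT, meta_value TEXT);
        CREATE TABLE wp_options (option_name TEXT, option_value TEXT);
    """)
    db.executemany("INSERT INTO wp_users VALUES (?, ?, ?, ?)", [
        (1, "owner", "owner@example.com", "2019-03-02 10:00:00"),
        (2, "webdesigner", "dev@example.com", "2019-03-02 10:05:00"),
        (3, "wpsecurity", "noreply@example.invalid", "2024-01-15 03:12:44"),  # rogue
    ])
    db.executemany("INSERT INTO wp_usermeta VALUES (?, ?, ?)", [
        (uid, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}') for uid in (1, 2, 3)
    ])
    db.execute("INSERT INTO wp_options VALUES (?, ?)", (
        "active_plugins",  # "wp-security-patch/patch.php" is a hypothetical name
        'a:2:{i:0;s:19:"akismet/akismet.php";i:1;s:27:"wp-security-patch/patch.php";}',
    ))
    db.commit()
    return db


def list_admins(db):
    """Every user whose wp_capabilities meta grants administrator, read
    straight from the tables rather than through the (hookable) UI."""
    rows = db.execute("""
        SELECT u.ID, u.user_login, u.user_email, u.user_registered, m.meta_value
        FROM wp_users u
        JOIN wp_usermeta m ON m.user_id = u.ID
        WHERE m.meta_key = 'wp_capabilities'
        ORDER BY u.ID
    """).fetchall()
    return [(uid, login, email, registered)
            for uid, login, email, registered, caps in rows
            if ADMIN_ROLE.search(caps)]


def active_plugins(db):
    """Plugin paths stored in the active_plugins option."""
    (raw,) = db.execute(
        "SELECT option_value FROM wp_options WHERE option_name = 'active_plugins'"
    ).fetchone()
    return PHP_STRING.findall(raw)


def hidden_items(db, shown_admins, shown_plugins):
    """Compare what the dashboard shows with what the database holds.
    Returns (admins, plugins) present in the tables but absent from the UI."""
    db_admins = {login for _, login, _, _ in list_admins(db)}
    return (sorted(db_admins - set(shown_admins)),
            sorted(set(active_plugins(db)) - set(shown_plugins)))


def php_serialize_list(items):
    """Re-encode a list of strings the way WordPress serializes active_plugins."""
    body = "".join(f'i:{i};s:{len(p.encode())}:"{p}";' for i, p in enumerate(items))
    return f"a:{len(items)}:{{{body}}}"


def deactivate_plugin(db, path):
    """Drop one plugin from active_plugins without going through wp-admin."""
    remaining = [p for p in active_plugins(db) if p != path]
    db.execute("UPDATE wp_options SET option_value = ? WHERE option_name = 'active_plugins'",
               (php_serialize_list(remaining),))
    db.commit()
    return remaining


def remove_user(db, user_id):
    """Delete a rogue account and its metadata; returns rows deleted."""
    users = db.execute("DELETE FROM wp_users WHERE ID = ?", (user_id,)).rowcount
    meta = db.execute("DELETE FROM wp_usermeta WHERE user_id = ?", (user_id,)).rowcount
    db.commit()
    return users + meta


if __name__ == "__main__":
    db = load_sample_db()
    # What the infected dashboard showed: two admins and no rogue plugin.
    print("hidden:", hidden_items(db, ["owner", "webdesigner"], ["akismet/akismet.php"]))
    deactivate_plugin(db, "wp-security-patch/patch.php")
    remove_user(db, 3)
    print("after cleanup:", hidden_items(db, ["owner", "webdesigner"], ["akismet/akismet.php"]))
```

Back up the database before running any UPDATE or DELETE, and remember that the `wp_capabilities` key and table names change with a non-default `$table_prefix`. Editing the option and deleting the user only undoes what is visible here; the plugin's files are still in `wp-content/plugins` and must be deleted, and a plugin that ran as administrator could have left other changes, so after cleanup rotate every password and key for the site and its hosting account, or restore from a backup taken before the "patch" was installed.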
-
It is a phishing attempt. I am glad that I checked it out on the WordPress support forum. The email went to the email junk folder. However, my email provider also sends genuine emails from my website to my customer’s junk. Maybe the two things are linked in some way and providing a vulnerability. I only found the phishing when trying to find why one of my own genuine emails had disappeared, possibly due to the email being marked “junk” by the email provider.
-
The topic 'CVE-2024-46188 Patch?' is closed to new replies.