PT-2023-29423 · WordPress · Wordpress

Published 2023-12-02 · Updated 2024-02-23 · CVE-2023-45124

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

WordPress (affected versions not specified)

Description

A phishing campaign is targeting WordPress administrators with fake security advisories about a non-existent vulnerability. The emails aim to trick users into installing a malicious plugin, potentially leading to site takeover and remote code execution. The campaign uses a fictitious vulnerability, tracked under an invalid identifier, to distribute the backdoor plugin.

Recommendations

As a temporary workaround, consider disabling any recently installed plugins until the issue is resolved. Restrict access to the WordPress administrator dashboard to minimize the risk of exploitation. Avoid clicking on links or downloading plugins from unverified sources, especially those claiming to fix non-existent vulnerabilities. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Related Identifiers

CVE-2023-45124

Affected Products

WordPress