PT-2024-37520 · WordPress · WordPress

Mrfoxtalbot · Published 2024-06-25 · Updated 2026-03-08

CVE-2024-6297 · CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: WordPress plugins (affected versions not specified)
Description: A malicious threat actor compromised the source code of several WordPress plugins hosted on WordPress.org, injecting malicious PHP scripts. The injected code exfiltrates database credentials, creates new malicious administrator accounts, and sends the harvested data to a remote server. It is estimated that over 100,000 websites are affected. The issue is a software supply chain compromise and affects the e-commerce industry.
Recommendations: As a temporary workaround, consider uninstalling the affected plugins for the time being and running a complete malware scan. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2024-6297

Affected Products

WordPress