Description

WordPress Plugin WordPress Framework contains suspicious code. Attackers can exploit this issue to perform a variety of actions: reset password, delete database, etc. Successful attacks will compromise the affected application and possibly the webserver or computer. WordPress Plugin WordPress Framework version 1.0 is affected.

Remediation

Delete the plugin

References

https://blog.sucuri.net/2019/10/cryptominers-backdoors-found-in-fake-plugins.html

Related Vulnerabilities

WordPress Plugin WP Super Cache Cross-Site Scripting (1.4.2)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-10405)

WordPress Plugin wptf-image-gallery Arbitrary File Download (1.0.3)

WordPress Plugin Copify Cross-Site Request Forgery (1.3.0)

Nexus Repository Manager Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') Vulnerability (CVE-2018-16621)

Severity

High

Classification

CWE-95 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update