Description

WordPress Plugin WordPress Framework contains suspicious code. Attackers can exploit this issue to perform a variety of actions: reset password, delete database, etc. Successful attacks will compromise the affected application and possibly the webserver or computer. WordPress Plugin WordPress Framework version 1.0 is affected.

Remediation

Delete the plugin

References

https://blog.sucuri.net/2019/10/cryptominers-backdoors-found-in-fake-plugins.html

Related Vulnerabilities

Serendipity Other Vulnerability (CVE-2005-1451)

WordPress Plugin WP e-Commerce Shop Styling Arbitrary File Download (2.5)

WordPress Plugin Popup Builder-Create highly converting, mobile friendly marketing popups Server-Side Request Forgery (4.2.5)

Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-43164)

WordPress Plugin BuddyPress Multiple Vulnerabilities (9.0.0)

Severity

High

Classification

CWE-95 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update