Description

WordPress Plugin WordPress Framework contains suspicious code. Attackers can exploit this issue to perform a variety of actions: reset password, delete database, etc. Successful attacks will compromise the affected application and possibly the webserver or computer. WordPress Plugin WordPress Framework version 1.0 is affected.

Remediation

Delete the plugin

References

https://blog.sucuri.net/2019/10/cryptominers-backdoors-found-in-fake-plugins.html

Related Vulnerabilities

Atlassian Jira CVE-2021-43947 Vulnerability (CVE-2021-43947)

WordPress Plugin ALO EasyMail Newsletter Multiple Vulnerabilities (2.6.00)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-7837)

WordPress Plugin Exquisite PayPal Donation Cross-Site Scripting (2.0.0)

WordPress Plugin Media.net Ads Manager Arbitrary File Upload (2.10.13)

Severity

High

Classification

CWE-95 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update