Description

WordPress Plugin WP Server Health Stats contains malicous code. Exploiting this issue may allow an attacker to create a new administrative user account, thus compromising the affected application, and possibly the webserver or computer. WordPress Plugin WP Server Health Stats version 1.7.6 is affected.

Remediation

Update to plugin version 1.7.8 or latest

References

https://www.wordfence.com/blog/2024/06/3-more-plugins-infected-in-wordpress-org-supply-chain-attack-due-to-compromised-developer-passwords/

https://plugins.trac.wordpress.org/changeset/3109252

Related Vulnerabilities

WordPress Plugin Open Graph for Facebook, Google+ and Twitter Card Tags Cross-Site Scripting (2.2.4)

WordPress Plugin wpForo Forum SQL Injection (1.4.9)

Apache HTTP Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2010-1623)

WordPress Plugin Simple URLs-Link Cloaking, Product Displays, and Affiliate Link Management Multiple Vulnerabilities (114)

OpenSSL 7PK - Security Features Vulnerability (CVE-2015-1793)

Severity

High

Classification

CVE-2024-6297 CWE-506 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update