Published on 05 Dec 2023 | Updated on 05 Dec 2023
There are reports regarding an ongoing phishing campaign targeting WordPress.
The campaign uses a phishing email that warns victims of a Remote Code Execution (RCE) vulnerability on their website, citing a fake identifier, CVE-2023-45124, and urges them to download a plugin that allegedly addresses the security issue. The plugin link embedded in the phishing email redirects the victim to a fake landing page, where they are led to download and install a malicious backdoor on their WordPress site. The backdoor can be utilised in the future for further exploitation.
Indicators of Compromise (IOCs)
Possible indicators of compromise (IOCs) associated with the ongoing phishing campaign are shown below:
Users and administrators are advised to be vigilant against such phishing attempts and not to click on any links in the reported email, including the "Unsubscribe" link and the download button for the malicious plugin.
More information available here: