CVE-2023-45124
On December 1, 2023, the team over at Wordfence discovered a phishing email campaign targeting WordPress users. The phishing email claims to be from the WordPress development team and warns of a Remote Code Execution (RCE) vulnerability on the user's site with an identifier of CVE-2023-45124. This is a fake CVE, as there is no known vulnerability with this identifier.

The phishing email prompts the victim to download a "Patch" plugin and install it. The Download Plugin link redirects the victim to a convincing fake landing page at en-gb-wordpress[.]org, which closely resembles the legitimate WordPress.org website. Once the victim downloads and installs the plugin, it will create a backdoor on their site, allowing the attackers to gain unauthorised access.
How to Protect Yourself from This Phishing Scam
- Be cautious of emails that claim to be from the WordPress team.
If you receive an email that warns of a vulnerability and prompts you to download a plugin, be suspicious. Do not click on any links in the email, and do not download any plugins from outside of the official WordPress plugin repository.
- Only install plugins from the official WordPress plugin repository.
The official plugin repository is the safest place to download plugins, as all plugins are reviewed by WordPress before they are added to the repository.
- Keep your WordPress installation up to date.
WordPress releases security updates regularly to fix vulnerabilities. Make sure that you are running the latest version of WordPress and all of your plugins.
If you think you have been affected by this phishing scam
- Immediately deactivate and delete the malicious plugin.
You can do this by logging in to your WordPress site and going to Plugins > Installed Plugins. Find the plugin named CVE-2023-45124 Patch and click the Deactivate link. Then, click the Delete link.
- Change your WordPress administrator password.
This will prevent the attackers from being able to log in to your site.
- Scan your site for malware.
There are a number of WordPress security plugins that can scan your site for malware.
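For sites managed from the command line, the dashboard check above can be scripted. The following is an added example, not code from the article or from Wordfence: it scans a wp-content/plugins directory for the two indicators the article gives (a plugin header named "CVE-2023-45124 Patch", and any file referencing the fake landing domain en-gb-wordpress.org). The plugin's real directory slug is not stated in the article, so the match is on the header name rather than the folder; the directory names and file contents in the demo section are constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): look for the fake
# "CVE-2023-45124 Patch" plugin in a WordPress plugins directory.
# Indicators checked (both taken from the article):
#   1. a plugin header line "Plugin Name: CVE-2023-45124 Patch"
#   2. any plugin file referencing the fake landing domain en-gb-wordpress.org
# Usage: find_fake_patch_plugin /path/to/wp-content/plugins
# Prints each matching plugin directory; returns 0 if clean, 1 if anything matched.
find_fake_patch_plugin() {
    local plugins_dir="$1" dir found=0
    for dir in "$plugins_dir"/*/; do
        [ -d "$dir" ] || continue
        if grep -rqiE 'Plugin Name:[[:space:]]*CVE-2023-45124 Patch' "$dir" \
           || grep -rqi 'en-gb-wordpress\.org' "$dir"; then
            printf '%s\n' "${dir%/}"
            found=1
        fi
    done
    return "$found"
}

# Constructed demo tree: one benign plugin and one stand-in carrying the header
# indicator. The slug "cve-2023-45124-patch" is an assumption, not a known IoC.
demo_dir="$(mktemp -d)"
mkdir -p "$demo_dir/hello-dolly" "$demo_dir/cve-2023-45124-patch"
printf '<?php\n/*\nPlugin Name: Hello Dolly\n*/\n' > "$demo_dir/hello-dolly/hello.php"
printf '<?php\n/*\nPlugin Name: CVE-2023-45124 Patch\n*/\n// constructed stand-in, no payload\n' \
    > "$demo_dir/cve-2023-45124-patch/patch.php"

if find_fake_patch_plugin "$demo_dir"; then
    echo "no indicators found"
else
    echo "indicators found in the directories listed above; deactivate and delete them"
fi
rm -rf "$demo_dir"
```

Run it against the live plugins directory after taking a backup; a match is a reason to follow the deactivate, delete, password-change and malware-scan steps above, not a complete clean-up on its own.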
In addition to the above
- Be aware of phishing scams.
Phishing scams are a common way for attackers to trick people into revealing personal information or installing malware. Be suspicious of any emails or websites that ask you to enter your personal information, and do not click on any links in emails from unknown senders.
- Use a strong password for your WordPress site.
A strong password is at least 12 characters long and includes a mix of uppercase and lowercase letters, numbers, and symbols.
- Enable two-factor authentication for your WordPress site.
Two-factor authentication adds an extra layer of security to your site by requiring you to enter a code from your phone in addition to your password when you log in.
By following these tips, you can help protect yourself from phishing scams and other online threats.
Author: Jamie Moynahan
Jamie is the Support Manager at Pipe Ten and has been an integral part of the team for well over 10 years. Jamie is a seasoned expert in the intricacies of the fast-changing world of website applications, hosting and domain name registration. This broad knowledge is instrumental to the entire customer support experience that purely.website members have come to rely on. Jamie has written and published hundreds of articles about hosting, managing website applications and domain name registration management processes.