PSA: Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor Plugin

The Wordfence Threat Intelligence Team has recently been informed of a phishing campaign targeting WordPress users. The Phishing email claims to be from the WordPress team and warns of a Remote Code Execution vulnerability on the user’s site with an identifier of CVE-2023-45124, which is not currently a valid CVE. The email prompts the victim to download a “Patch” plugin and install it.

This post was originally published on Wordfence by Ram Gall.

Follow us

Don't be shy, get in touch. We love meeting interesting people and making new friends.