A phishing scam that targets WordPress users is on the rise, leaving several websites vulnerable to malicious attacks. Once hackers access your site, they can use a hidden user account to take it over or, worse, gain access to your personal information and use it to commit more cyber crimes.
Phishing scams can happen to virtually any individual or organization. According to a study, over 80% of businesses have experienced at least one phishing attack. If you’re not careful, your site may be next.
Read about the basics and learn how to keep your WordPress site safe from the dangers of CVE-2023-45124.
What is the CVE 2023-45124 Phishing Scam?
Common Vulnerabilities and Exposures (CVE) are public security flaws identified, listed, and shared with the general public. Each CVE on the list is assigned a unique number, which distinguishes it from other vulnerabilities. The CVE 2023-45124 Phishing Scam is a Remote Code Execution (RCE) attack, or a remote cybersecurity attack (such as malware), that is designed to deceive WordPress users into downloading a “Patch” plugin, granting hackers complete control over your website and user data.
CVE 2023-45124 currently is not recognized as a valid CVE.
It starts with an email from the hacker, claiming to be the WordPress team and urging users to download a CVE-2023-45124 patch to ensure maximum site security. After a user clicks the “Download” button, they will be redirected to one of these harmful landing pages:
- en-gb-wordpress[.]org
- Wpgate[.]zip. (once the plugin has been downloaded and installed)
These actions will trigger a hidden administration user (the username may be wpsecuritypatch) and a backdoor plugin to be installed. The plugin ensures that this secret admin account remains undetectable, so the hacker can rummage through your website and invade your privacy in peace.
Has My WordPress Site Been Compromised?
Is the CVE-2023-45124 scam in the process of compromising your WordPress website? Here are a few warning signs Wordference has provided to help you identify if a phishing scam may be taking place:
- If you notice wp-autoload.php file in the webroot with a SHA-256 hash of ffd5b0344123a984d27c4aa624215fa6452c3849522803b2bc3a6ee0bcb23809
- If a plugin with a slug of wpress-security-wordpress
- If you come across a hidden administrative user with a username of wpsecuritypatch
- If you have been redirected to any malicious domains (en-gb-wordpress[.]org and Wpgate[.]zip)
Don’t let hackers trick you into letting them in. Use these tips and more to stay informed on the CVE-2023-45124 scam and other ways to remain hacker-free.
Caressa Losier
Latest posts by Caressa Losier (see all)
- 6 Things AI Still Can’t Do in the Workplace - April 24, 2024
- 6 Powerful Google Tools You Should Try - April 5, 2024
- 5 Key Takeaways from the HubSpot 2024 State of Marketing Report - March 12, 2024
Leave a Reply