{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T02:17:46.718","vulnerabilities":[{"cve":{"id":"CVE-2024-6297","sourceIdentifier":"security@wordfence.com","published":"2024-06-25T04:15:17.400","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. Currently, not all plugins have been patched and we strongly recommend uninstalling the plugins for the time being and running a complete malware scan."},{"lang":"es","value":"Varios complementos para WordPress alojados en WordPress.org se han visto comprometidos y se les han inyectado scripts PHP maliciosos. Un actor de amenaza malicioso comprometió el código fuente de varios complementos e inyectó código que extrae las credenciales de la base de datos y se utiliza para crear nuevos usuarios administradores maliciosos y enviar esos datos a un servidor. Actualmente, no todos los complementos han sido parcheados y recomendamos encarecidamente desinstalarlos por el momento y ejecutar un análisis completo de malware."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}]},"references":[{"url":"https://plugins.trac.wordpress.org/browser/blaze-widget/trunk/blaze_widget.php","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/contact-form-7-multi-step-addon/trunk/trx-contact-form-7-multi-step-addon.php","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simply-show-hooks/trunk/index.php","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L54","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L583","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wrapper-link-elementor/trunk/wrapper.php?rev=3106508","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3105893/","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3106042%40social-warfare&new=3106042%40social-warfare&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://wordpress.org/support/topic/a-security-message-from-the-plugin-review-team/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/56d24bc8-4a1a-4e60-aec5-960703a6058a?source=cve","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/blaze-widget/trunk/blaze_widget.php","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://plugins.trac.wordpress.org/browser/contact-form-7-multi-step-addon/trunk/trx-contact-form-7-multi-step-addon.php","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://plugins.trac.wordpress.org/browser/simply-show-hooks/trunk/index.php","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L54","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L583","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://plugins.trac.wordpress.org/browser/wrapper-link-elementor/trunk/wrapper.php?rev=3106508","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://plugins.trac.wordpress.org/changeset/3105893/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3106042%40social-warfare&new=3106042%40social-warfare&sfp_email=&sfph_mail=","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://wordpress.org/support/topic/a-security-message-from-the-plugin-review-team/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/56d24bc8-4a1a-4e60-aec5-960703a6058a?source=cve","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}