CVE-2024-6297
CRITICAL
Published Jun 25, 2024
Modified Apr 15, 2026
Description
Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. Currently, not all plugins have been patched and we strongly recommend uninstalling the plugins for the time being and running a complete malware scan.
Is your site exposed to CVE-2024-6297?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
10.0
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
References
Other References
https://plugins.trac.wordpress.org/browser/blaze-widget/trunk/blaze_widget.php
https://plugins.trac.wordpress.org/browser/contact-form-7-multi-step-addon/trunk/trx-contact-form-7-multi-step-addon.php
https://plugins.trac.wordpress.org/browser/simply-show-hooks/trunk/index.php
https://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L54
https://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L583
https://plugins.trac.wordpress.org/browser/wrapper-link-elementor/trunk/wrapper.php?rev=3106508
https://plugins.trac.wordpress.org/changeset/3105893/
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3106042%40social-warfare&new=3106042%40social-warfare&sfp_email=&sfph_mail=
https://wordpress.org/support/topic/a-security-message-from-the-plugin-review-team/
https://www.wordfence.com/threat-intel/vulnerabilities/id/56d24bc8-4a1a-4e60-aec5-960703a6058a?source=cve
Frequently Asked Questions
What is CVE-2024-6297? +
Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. Currently, not all plugins have been patched and we strongly recommend uninstalling the plugins for the time being and running a complete malware scan. It has a CVSS v3.1 base score of 10.0 (CRITICAL).
How severe is CVE-2024-6297? +
CVE-2024-6297 has a CVSS v3.1 score of 10.0 out of 10, rated CRITICAL. This is a critical vulnerability that should be patched immediately.
How do I check if I'm vulnerable to CVE-2024-6297? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.