I’ve just recently received multiple emails from what appears to be from wordpress.org about a vulnerability found on our websites. I have received one for each WordPress website that we manage. Here’s the full email I received:
Dear user
The WordPress Security Team has detected a critical vulnerability on the website: xxxxx
The Remote Code Execution (RCE) vulnerability discovered on your site is categorized as a critical threat, potentially allowing malicious code execution and putting your data, user details, and overall site security at risk.
We urge you to apply the CVE-2024-46188 Patch immediately, as we are working on mitigitating this crucial security hole in the next WordPress version.
Simply download the plugin by clicking the button below, install and activate it on your site. This guarantees rapid and easy-going defense against potential exploits and malicious actions linked with this vulnerability.
Download Plugin
Sincerely,The WordPress Team.
Whatever you do, don’t download the plugin and install it. This email appears to be a scam. The email address is actually from the domain mailing-wordpress.org
The email started being sent on the 6th January 2024 and there must be a script that checks whether the website is using WordPress, then sends an email to the administrator’s email. All you have to do is just ignore the email and even mark it as spam.
Hope this helps and good luck. If you’ve installed the plugin, then make sure you immediately disable it and also delete it. The best way would be to restore your site from a backup without the plugin being installed.
If this article helped you in any way and you want to show your appreciation, I am more than happy to receive donations through PayPal. This will help me maintain and improve this website so I can help more people out there. Thank you for your help.
HELP OTHERS AND SHARE THIS ARTICLE
LEAVE A COMMENT
I am an entrepreneur based in Sydney Australia. I was born in Vietnam, grew up in Italy and currently residing in Australia. I started my first business venture Advertise Me from a random idea and have never looked back since. My passion is in the digital space, affiliate marketing, fitness and I launched several digital products. You will find these on the portfolio page.
I’ve decided to change from a Vegetarian to a Vegan diet and started a website called Veggie Meals.
I started this blog so I could leave a digital footprint of my random thoughts, ideas and life in general.
If any of the articles helped you in any way, please donate. Thank you for your help.
Affiliate Compensated: there are some articles with links to products or services that I may receive a commission.
