Description

WordPress Plugin WordPress Framework contains suspicious code. Attackers can exploit this issue to perform a variety of actions: reset password, delete database, etc. Successful attacks will compromise the affected application and possibly the webserver or computer. WordPress Plugin WordPress Framework version 1.0 is affected.

Remediation

Delete the plugin

References

https://blog.sucuri.net/2019/10/cryptominers-backdoors-found-in-fake-plugins.html

Related Vulnerabilities

Internet Information Services Improper Input Validation Vulnerability (CVE-2009-4445)

MySQL CVE-2019-2803 Vulnerability (CVE-2019-2803)

WordPress Plugin PDF Flipbook, 3D Flipbook WordPress-DearFlip Cross-Site Scripting (1.7.9)

WordPress Plugin Sell Downloads Unspecified Vulnerability (1.0.85)

XWiki Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') Vulnerability (CVE-2022-41928)

Severity

High

Classification

CWE-95 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update