Overview
We’ve seen a recent spike in fake emails that try to appear as if they’ve come from the WordPress security team. They generally have an email subject similar to:
IMPORTANT: Vulnerability found – Your website <websitename> is at risk!
One of the more recent emails claims there is a critical vulnerability, with text similar to or containing:
The Remote Code Execution (RCE) vulnerability identified on your site is classified as a critical threat, potentially allowing malicious code execution and putting your data, user details, and overall site security at risk.
We urge you to apply the CVE-2024-46188 Patch as soon as possible, while we are working on mitigating this crucial security flaw in the next WordPress version.
These emails have NOT originated from the WordPress team and are designed to get you to download a malicious plugin. Do not follow the link or install anything; simply delete the email.
This scam has been circulating for a while and has previously listed fake vulnerabilities such as CVE-2023-45124. The emails are originating from domains such as mailserver-wordpress.org and help-wordpress.org.
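The indicators above (the subject line pattern and the two sending domains) are enough to build a simple mail-filter check. The following is an added example, not code from the original advisory or from WordPress; it parses a raw message, flags the known scam domains, flags any other domain that contains "wordpress" but is not wordpress.org (a lookalike heuristic that is an assumption here, not something the advisory states), and matches the quoted subject line. The sample messages are constructed for the demonstration.

```python
"""Detect the WordPress security-team impersonation emails described above.

Added example, not part of the original advisory. The known-domain and
subject checks use only indicators the advisory names; the lookalike-domain
heuristic is an assumption added for illustration.
"""
import email
import re
from email import policy
from email.utils import parseaddr

# Sending domains named in the advisory.
KNOWN_SCAM_DOMAINS = {"mailserver-wordpress.org", "help-wordpress.org"}

# The genuine project domain; anything else mentioning "wordpress" is suspect.
LEGITIMATE_DOMAIN = "wordpress.org"

# Subject pattern quoted in the advisory; the site name varies per victim,
# and the dash may be a hyphen or an en dash.
SUBJECT_RE = re.compile(
    r"^\s*IMPORTANT:\s*Vulnerability found\s*[-\u2013]\s*Your website .* is at risk!?\s*$",
    re.IGNORECASE,
)


def sender_domain(raw_message: str) -> str:
    """Return the lower-cased domain of the From: header, or '' if absent."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def is_lookalike(domain: str) -> bool:
    """True for domains that mention 'wordpress' but are not wordpress.org
    or a subdomain of it (assumed heuristic, not from the advisory)."""
    if domain == LEGITIMATE_DOMAIN or domain.endswith("." + LEGITIMATE_DOMAIN):
        return False
    return "wordpress" in domain


def classify(raw_message: str) -> list[str]:
    """Return the list of indicator names matched by this message.

    An empty list means none of the checks fired; any non-empty result is
    worth quarantining for review.
    """
    msg = email.message_from_string(raw_message, policy=policy.default)
    domain = sender_domain(raw_message)
    hits = []
    if domain in KNOWN_SCAM_DOMAINS:
        hits.append("known-scam-domain")
    elif is_lookalike(domain):
        hits.append("lookalike-domain")
    if SUBJECT_RE.match(msg.get("Subject", "")):
        hits.append("scam-subject")
    return hits


# Constructed sample messages (not real captures) for demonstration.
SCAM_MSG = """From: WordPress Security Team <security@help-wordpress.org>
To: admin@example.com
Subject: IMPORTANT: Vulnerability found - Your website example.com is at risk!

The Remote Code Execution (RCE) vulnerability identified on your site ...
"""

LEGIT_MSG = """From: WordPress <noreply@wordpress.org>
To: admin@example.com
Subject: Your site example.com has been updated

Howdy! ...
"""

if __name__ == "__main__":
    for name, m in (("scam", SCAM_MSG), ("legit", LEGIT_MSG)):
        print(name, classify(m))
```

Feeding `classify` the raw text of a suspicious message returns the indicators it matched; the scam sample above trips both the known-domain and subject checks, while mail from wordpress.org itself returns nothing. Note that a From: header is trivially forgeable, so this is a first-pass triage filter rather than proof of origin; SPF/DKIM/DMARC results from your mail gateway are the authoritative signal.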
For more detailed analysis, Patchstack and Wordfence have each reviewed the contents of the malicious plugin and describe what it would do to a WordPress site if installed.
For further guidance, WordPress has also published an alert about these scams: https://wordpress.org/news/2023/12/alert-wordpress-security-team-impersonation-scams/