CVE-2024-6297

CRITICAL

Compromised WordPress.org Plugins - Malicious Admin Creation

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-6297. PoCs published by Sudo-WP.

AI-analyzed exploit summary This repository contains a security-hardened fork of the 'Simply Show Hooks' WordPress plugin, addressing CVE-2024-6297 and additional XSS vulnerabilities. It provides a developer tool to visualize WordPress hooks with enhanced security measures.

Description

Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. Currently, not all plugins have been patched and we strongly recommend uninstalling the plugins for the time being and running a complete malware scan.

Exploits (1)

nomisec WORKING POC

by Sudo-WP · poc

https://github.com/Sudo-WP/sudowp-hooks-visualizer

View Code ZIP pw:eip

This repository contains a security-hardened fork of the 'Simply Show Hooks' WordPress plugin, addressing CVE-2024-6297 and additional XSS vulnerabilities. It provides a developer tool to visualize WordPress hooks with enhanced security measures.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Moderate

Reliability

Reliable

Target: WordPress with 'Simply Show Hooks' plugin

Auth required

Prerequisites: WordPress installation · Admin access to install plugins

MITRE ATT&CK