Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
WordPress Plugin WordPress Framework Possible Backdoor (1.0) - Vulnerability Database

WordPress Plugin WordPress Framework Possible Backdoor (1.0)

Description

WordPress Plugin WordPress Framework contains suspicious code. Attackers can exploit this issue to perform a variety of actions: reset password, delete database, etc. Successful attacks will compromise the affected application and possibly the webserver or computer. WordPress Plugin WordPress Framework version 1.0 is affected.

Remediation

Delete the plugin

References

https://blog.sucuri.net/2019/10/cryptominers-backdoors-found-in-fake-plugins.html

Related Vulnerabilities

Apache httpOnly cookie disclosure Medium
Common tags: Missing Update
WordPress 5.1.x Multiple Vulnerabilities (5.1 - 5.1.17) High
Common tags: Missing Update
WordPress 5.5.x Multiple Vulnerabilities (5.5 - 5.5.13) High
Common tags: Missing Update
WordPress 5.5.x Directory Traversal (5.5 - 5.5.14) High
Common tags: Missing Update
WordPress 5.4.x Multiple Vulnerabilities (5.4 - 5.4.14) High
Common tags: Missing Update

Severity

High

Classification

CWE-95
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update