Many WordPress users recently received a fake email claiming to be from the WordPress Security Team about a supposed vulnerability called “Remote Code Execution (RCE)” on their website. The users are asked to download, install and activate a plugin named “CVE-2024-46188 Patch”.
Here is what the email looks like:

[screenshot of the phishing email]
This email is not legitimate, and you should not click the download button: it takes you to a site that clones WordPress.org in a very sophisticated way. If you are tricked into installing the plugin, it creates a hidden user account with administrator privileges, and the credentials for that account are sent to the attackers.
Here are a couple of things to be aware of so you can recognize phishing emails:
- The WordPress Security Team will never email you requesting that you install a plugin or theme on your site, and will never ask for an administrator username and password.
- Official emails from the WordPress project will always come from a @wordpress.org or @wordpress.net domain. Note that the email above comes from a “mailing-wordpress.org” domain, which is a look-alike and not a wordpress.org address. Tricky!
- Phishing emails insist that you act immediately or there might be crucial consequences. Always make sure you check if the information is legitimate before taking any action.
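The sender-domain check above is the one that is easiest to get wrong: a naive “ends with wordpress.org” test still accepts “mailing-wordpress.org”. The following script is an added example, not code from the original post or from the WordPress project; it parses a message's From header and accepts only the two official domains named in the post (and their subdomains) by matching on a label boundary. The sample messages are constructed for this example. It only inspects the From header and does not verify SPF/DKIM, so a forged header that really uses an official domain would still need your mail provider's authentication results to catch it.

```python
"""
Added example (not from the original post): check an email's From header
against the official WordPress sender domains named in the post.  The
"mailing-wordpress.org" domain comes from the post; the sample messages
below are constructed for this example.
"""
from email import message_from_string
from email.utils import parseaddr

# Official domains named in the post. Subdomains (e.g. lists.wordpress.org)
# count as official; look-alikes such as "mailing-wordpress.org" do not.
OFFICIAL_DOMAINS = ("wordpress.org", "wordpress.net")


def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain of the address in a From header.

    The display name ("WordPress Security Team") is ignored on purpose:
    only the part after '@' says which domain actually sent the mail.
    """
    _display_name, address = parseaddr(from_header)
    if "@" not in address:
        return ""
    return address.rsplit("@", 1)[1].lower().rstrip(".")


def is_official_sender(from_header: str) -> bool:
    """True only if the domain is an official domain or a subdomain of one.

    A plain endswith("wordpress.org") would accept "mailing-wordpress.org",
    so the comparison is made on a label boundary: exact match or ".domain".
    """
    domain = sender_domain(from_header)
    if not domain:
        return False
    return any(domain == official or domain.endswith("." + official)
               for official in OFFICIAL_DOMAINS)


def classify_message(raw_message: str) -> dict:
    """Parse a raw RFC 5322 message and report the sender verdict."""
    msg = message_from_string(raw_message)
    from_header = msg.get("From", "")
    return {
        "domain": sender_domain(from_header),
        "official": is_official_sender(from_header),
    }


# Constructed sample mimicking the phishing email described in the post.
PHISHING_SAMPLE = """\
From: WordPress Security Team <security@mailing-wordpress.org>
Subject: Urgent: Remote Code Execution (RCE) on your website
To: admin@example.com

Download and activate the CVE-2024-46188 Patch plugin immediately.
"""

# Constructed sample of a message from a genuine wordpress.org address.
LEGIT_SAMPLE = """\
From: WordPress.org <noreply@wordpress.org>
Subject: Plugin update
To: admin@example.com

Your plugin has an update available.
"""

if __name__ == "__main__":
    for label, sample in (("phishing", PHISHING_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(label, classify_message(sample))
```

Running it prints `phishing {'domain': 'mailing-wordpress.org', 'official': False}` followed by `legit {'domain': 'wordpress.org', 'official': True}`. The display name is deliberately ignored because it is free text the sender controls; the label-boundary comparison is what separates a real subdomain like lists.wordpress.org from a hyphenated look-alike.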
You can find more about WordPress Security Team impersonation scams here.