DEV Community

Leland Dieno
Leland Dieno

Posted on

Wordpress SCAM Plugin Being Sent to Site Owners

Hey everyone,

Most of you probably already know about this, but several of my clients received the below email. Turns out this is a fake URL (looks legit to the average person) and its a malicious plugin.

Dear user
The WordPress Security Team has identified a critical vulnerability on the website: CLIENTSWEBSITE.COM

The Remote Code Execution (RCE) vulnerability identified on your site is classified as a critical threat, potentially allowing malicious code execution and putting your data, user details, and overall site security at risk.

We advise you to apply the CVE-2024-46188 Patch immediately, while we are working on fixing this critical security concern in the next WordPress version.

Simply download the plugin by clicking the button below, install and activate it on your site. This guarantees prompt and trouble-free defense against potential exploits and malicious actions linked to this vulnerability.

wordpress

scams

maliciouscode

Top comments (0)