email from your security team?

  • sfeirfadygmailcom · Member ·

    Hello, I received the following email from (email visible only to moderators and staff). Please confirm whether this is really coming from your services :

    Dear user,

    The WordPress Security Team has detected a Remote Code Execution (RCE) vulnerability on your site, which allows attackers to add malicious code and risk your data, user details and more.

    As we work on addressing this critical security concern in the upcoming WordPress update, we require you to immediately use the CVE-2023-46182 Patch, a plugin launched by the WordPress Team.

    All you have to do is just download, install and activate the plugin, ensuring a quick and trouble-free protection of your website’s security against the potential exploits and malicious activities related with this vulnerability.

    Self-declared URL: http://www.pifapapa.fr
    Jetpack: Unknown
    WP.com: Unknown

    The blog I need help with is: (visible only to logged in users)

  • staff-mizantium · Staff ·

    Hello there @sfeirfadygmailcom!

    At present, your site, pifapapa.fr is not hosted at WordPress.com, and this is a notice that comes from wordpress.org instead of wordpress.com (the latter of which are the domain emails that would come from us).

    This distinction may be clarified by the article about self hosted WordPress websites versus WordPress websites hosted here on our Managed WordPress hosting platform at WordPress.com.

    I can share however, that there is a report about this being a fake email, that you can read about at the links shared below:

    PSA: Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor Plugin

    https://patchstack.com/articles/fake-cve-phishing-campaign-tricks-wordpress-users-to-install-malware/

    I hope this has been helpful, but feel free to reach out if you have any further questions!

  • The topic ‘email from your security team?’ is closed to new replies.