{"id":54758,"date":"2023-12-04T13:06:28","date_gmt":"2023-12-04T13:06:28","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/35262\/PSA-Fake-CVE-2023-45124-Phishing-Scam-Tricks-Users-Into-Installing-Backdoor-Plugin.html"},"modified":"2023-12-04T13:06:28","modified_gmt":"2023-12-04T13:06:28","slug":"psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin\/","title":{"rendered":"PSA: Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor Plugin"},"content":{"rendered":"<p>The Wordfence Threat Intelligence Team has recently been informed of a phishing campaign targeting WordPress users. The Phishing email claims to be from the WordPress team and warns of a Remote Code Execution vulnerability on the user\u2019s site with an identifier of CVE-2023-45124, which is not currently a valid CVE. The email prompts the victim to download a \u201cPatch\u201d plugin and install it.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-32806\" src=\"https:\/\/www.wordfence.com\/wp-content\/uploads\/2023\/12\/phishing-email.png\" alt width=\"587\" height=\"754\" srcset=\"https:\/\/www.wordfence.com\/wp-content\/uploads\/2023\/12\/phishing-email.png 587w, https:\/\/www.wordfence.com\/wp-content\/uploads\/2023\/12\/phishing-email-234x300.png 234w, https:\/\/www.wordfence.com\/wp-content\/uploads\/2023\/12\/phishing-email-117x150.png 117w\" sizes=\"auto, (max-width: 587px) 100vw, 587px\"><\/p>\n<p>The Download Plugin link redirects the victim to a convincing fake landing page at <code>en-gb-wordpress[.]org<\/code>:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-32808\" src=\"https:\/\/www.wordfence.com\/wp-content\/uploads\/2023\/12\/landingpage.png\" alt width=\"2294\" height=\"1144\" srcset=\"https:\/\/www.wordfence.com\/wp-content\/uploads\/2023\/12\/landingpage.png 2294w, https:\/\/www.wordfence.com\/wp-content\/uploads\/2023\/12\/landingpage-300x150.png 300w, https:\/\/www.wordfence.com\/wp-content\/uploads\/2023\/12\/landingpage-1024x511.png 1024w, https:\/\/www.wordfence.com\/wp-content\/uploads\/2023\/12\/landingpage-150x75.png 150w, https:\/\/www.wordfence.com\/wp-content\/uploads\/2023\/12\/landingpage-1536x766.png 1536w, https:\/\/www.wordfence.com\/wp-content\/uploads\/2023\/12\/landingpage-2048x1021.png 2048w\" sizes=\"auto, (max-width: 2294px) 100vw, 2294px\"><\/p>\n<p>If the victim downloads the plugin and installs it on their WordPress site, the plugin is installed with a slug of <code>wpress-security-wordpress<\/code> and adds a malicious administrator user with the username <code>wpsecuritypatch<\/code>. It then sends the site URL and generated password for this user back to a C2 domain: <code>wpgate[.]zip<\/code>. The malicious plugin also includes functionality to ensure that this user remains hidden. Additionally, it downloads a separate backdoor from <code>wpgate[.]zip<\/code> and saves it with a filename of <code>wp-autoload.php<\/code> in the webroot. This separate backdoor includes a hardcoded password that includes a file manager, a SQL Client, a PHP Console, and a Command Line Terminal, in addition to displaying server environment information:<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-32809\" src=\"https:\/\/www.wordfence.com\/wp-content\/uploads\/2023\/12\/backdoor.png\" alt width=\"1026\" height=\"376\" srcset=\"https:\/\/www.wordfence.com\/wp-content\/uploads\/2023\/12\/backdoor.png 1026w, https:\/\/www.wordfence.com\/wp-content\/uploads\/2023\/12\/backdoor-300x110.png 300w, https:\/\/www.wordfence.com\/wp-content\/uploads\/2023\/12\/backdoor-1024x375.png 1024w, https:\/\/www.wordfence.com\/wp-content\/uploads\/2023\/12\/backdoor-150x55.png 150w\" sizes=\"auto, (max-width: 1026px) 100vw, 1026px\"><\/p>\n<p>This allows attackers to maintain persistence through multiple forms of access, granting them full control over the WordPress site as well as the web user account on the server.<\/p>\n<h2>Indicators of Compromise:<\/h2>\n<ul>\n<li>A <code>wp-autoload.php<\/code>&nbsp;file in the webroot with a SHA-256 hash of <code>ffd5b0344123a984d27c4aa624215fa6452c3849522803b2bc3a6ee0bcb23809<\/code><\/li>\n<li>A plugin with a slug of wpress-security-wordpress<\/li>\n<li>A hidden administrative user with a username of <code>wpsecuritypatch<\/code><\/li>\n<li>The following malicious domains:\n<ul>\n<li><code>en-gb-wordpress[.]org<\/code><\/li>\n<li><code>wpgate[.]zip<\/code><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Conclusion<\/h2>\n<p>In today\u2019s PSA, we warned of a phishing campaign targeting WordPress users intended to trick victims into installing a malicious backdoor plugin on their site.<\/p>\n<p>Our telemetry indicates that no Wordfence users are currently infected, and we have added the malicious administrator user to our known malicious usernames. Additionally, we are currently in the process of testing malware signatures to detect both the malicious plugin and the separate backdoor, which will be released to <a href=\"https:\/\/www.wordfence.com\/products\/wordfence-premium\/\" target=\"_blank\" rel=\"noopener\">Wordfence Premium<\/a>, <a href=\"https:\/\/www.wordfence.com\/products\/wordfence-care\/\" target=\"_blank\" rel=\"noopener\">Wordfence Care<\/a>, <a href=\"https:\/\/www.wordfence.com\/products\/wordfence-response\/\" target=\"_blank\" rel=\"noopener\">Wordfence Response<\/a>, and paid <a href=\"https:\/\/www.wordfence.com\/products\/wordfence-cli\/\" target=\"_blank\" rel=\"noopener\">Wordfence CLI<\/a> users as soon as possible. Wordfence free users will receive the same signatures 30 days later.<\/p>\n<p>We will release a deep-dive analysis of the malicious plugin and separate <code>wp-autoload.php<\/code>&nbsp;backdoor in a future post. For the time being, be on the lookout for this phishing email and do not click any links, including the Unsubscribe link, or install the plugin on your site. If you have friends or acquaintances with WordPress sites, please forward this advisory to them to ensure that they do not install this malicious plugin.<\/p>\n<p><em>Special Thanks to USDS expert Jonathan Kamens for bringing this issue to our attention.<\/em><\/p>\n<p><em>Did you know that Wordfence has a <a href=\"https:\/\/www.wordfence.com\/threat-intel\/bug-bounty-program\/\" target=\"_blank\" rel=\"noopener\">Bug Bounty Program<\/a>? We\u2019ve recently increased our bounties by 6.25x until December 20th, 2023, with our bounties for the most critical vulnerabilities reaching $10,000 USD! If you\u2019re an aspiring or current vulnerability researcher, <a href=\"https:\/\/www.wordfence.com\/threat-intel\/researcher-register\" target=\"_blank\" rel=\"noopener\">click here to sign up<\/a>.<\/em><\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/35262\/PSA-Fake-CVE-2023-45124-Phishing-Scam-Tricks-Users-Into-Installing-Backdoor-Plugin.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":54759,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[10791],"class_list":["post-54758","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinemalwarephishwordpressbackdoor"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>PSA: Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor Plugin 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"PSA: Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor Plugin 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-12-04T13:06:28+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.wordfence.com\/wp-content\/uploads\/2023\/12\/phishing-email.png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"PSA: Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor Plugin\",\"datePublished\":\"2023-12-04T13:06:28+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin\\\/\"},\"wordCount\":495,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/12\\\/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin.png\",\"keywords\":[\"headline,malware,phish,wordpress,backdoor\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin\\\/\",\"name\":\"PSA: Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor Plugin 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/12\\\/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin.png\",\"datePublished\":\"2023-12-04T13:06:28+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/12\\\/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/12\\\/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin.png\",\"width\":587,\"height\":754},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,malware,phish,wordpress,backdoor\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinemalwarephishwordpressbackdoor\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"PSA: Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor Plugin\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"PSA: Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor Plugin 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin\/","og_locale":"en_US","og_type":"article","og_title":"PSA: Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor Plugin 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-12-04T13:06:28+00:00","og_image":[{"url":"https:\/\/www.wordfence.com\/wp-content\/uploads\/2023\/12\/phishing-email.png","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"PSA: Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor Plugin","datePublished":"2023-12-04T13:06:28+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin\/"},"wordCount":495,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/12\/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin.png","keywords":["headline,malware,phish,wordpress,backdoor"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin\/","url":"https:\/\/www.threatshub.org\/blog\/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin\/","name":"PSA: Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor Plugin 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/12\/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin.png","datePublished":"2023-12-04T13:06:28+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/12\/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/12\/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin.png","width":587,"height":754},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,malware,phish,wordpress,backdoor","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinemalwarephishwordpressbackdoor\/"},{"@type":"ListItem","position":3,"name":"PSA: Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor Plugin"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/54758","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=54758"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/54758\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/54759"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=54758"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=54758"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=54758"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}