It has come to our attention that a fraudulent phishing campaign is actively targeting administrators of WordPress websites.
What You Need to Know:
The attackers are sending emails with the subject line "URGENT: Vulnerability found - Your website [DOMAIN] is at risk!" The email claims to be from the WordPress Security Team and insists on addressing a critical Remote Code Execution (RCE) vulnerability affecting your website. It urges users to download a plugin labelled as "CVE-2024-46188 Patch" to mitigate the alleged threat.
Please Be Aware:
This email is a part of a sophisticated phishing scam. The plugin advertised in the email is malicious and could compromise your website's security if installed. The phishing website it directs you to might resemble a legitimate WordPress.org page, mimicking its style and appearance to deceive unsuspecting users.
What You Should Do:
Our Action:
We have taken necessary precautions to try to block these emails being delivered to our server and have implemented security measures to actively protect your websites from such fraudulent attempts. We are continuously monitoring the situation to ensure your website's safety and security.
Stay Vigilant:
We urge you to remain vigilant against such phishing attempts and to report any suspicious emails or activities to us immediately. Your collaboration in maintaining the security of your website is crucial in safeguarding against potential threats.
Should you have any concerns or require assistance, please reach out to our support team promptly.
Thank you for your attention to this matter.
Sincerely,
Neil Batchelor
EncodeDotHost.
