The zip attachment contains an exe file: the malware itself. This, if opened, activates the infection.
Critical vulnerability discovered on “Spam protection, AntiSpam, FireWall” in WordPress. The flaw in the plugin can be used to extract sensitive info from a site’s database, including user emails and password hashes. There is also a PoC
A new vulnerability in WordPress plugins has been discovered: this time it concerns “Spam protection, AntiSpam, FireWall” by CleanTalk. Wordfence cybersecurity experts denounce this. The flaw, known as CVE-2021-24295, could be used to extract sensitive information from a site’s database, including user emails and password hashes, all remotely. Moreover, a Proof of Concept (PoC) is circulating on the web, which explains how to exploit the vulnerability to launch attacks. The manufacturer in recent days has released a patch that solves the problem, it is essential to install it as soon as possible.