cleantalk
Vulnerabilities and Security Researches

BLAZE Retail Widget, CVE-2024-6297

CVE, Research URL

CVE-2024-6297

Home page URL

Security reports for BLAZE Retail Widget

Application

BLAZE Retail Widget

Published on
Jun 25, 2024
Research Description
Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. Currently, not all plugins have been patched and we strongly recommend uninstalling the plugins for the time being and running a complete malware scan.
Affected versions
Min 2.2.5, max 2.5.2.
Status
vulnerable
Previous vulnerability researches
Blubrry PowerPress Podcasting plugin MultiSite add-on (CVE-2025-31436) , Apr 05, 2025
PowerPress Podcasting plugin by Blubrry (CVE-2024-6588) , Jul 13, 2024
PowerPress Podcasting plugin by Blubrry (CVE-2025-32690) , Apr 10, 2025
PowerPress Podcasting plugin by Blubrry (CVE-2025-32691) , Apr 10, 2025
PowerPress Podcasting plugin by Blubrry (CVE-2024-6297) , Jun 30, 2024
New vulnerability
WP Logger (CVE-2025-39456) , Apr 20, 2025
visualslider Sldier (CVE-2025-23448) , Apr 20, 2025
RSS Manager (CVE-2025-39418) , Apr 20, 2025
Contact Form vCard Generator (CVE-2025-39521) , Apr 20, 2025
AdminQuickbar (CVE-2025-39464) , Apr 20, 2025