Some clients are reporting that they have received an e-mail asking them to apply a patch, due to a critical security issue.
DO NOT APPLY THIS PATCH
The e-mail comes from From: WordPress.org <info@news-wordpress.org>
The e-mail contains the following:
< -- start of email transcript -->
The WordPress Security Team has discovered a critical vulnerability on the website: *yourdomainappearshere
The Remote Code Execution (RCE) vulnerability identified on your site is categorized as a critical threat, potentially allowing malicious code execution and putting your data, user details, and overall site security at risk.
We advise you to apply the CVE-2024-46188 Patch immediately, while we are working on mitigitating this critical security hole in the next WordPress version.
Simply download the plugin by clicking the button below, install and activate it on your site. This guarantees rapid and seamless protection against potential exploits and malicious actions associated with this vulnerability
< -- end of email transcript -->
This is a scam and should not be ignored. The problem only becomes real, if you install the patch.
What you should do:
You should be either maintaining your website and keeping it up to date or paying us (or someone) to maintain it for you.
NEVER install anything based on an e-mail. Neither WordPress nor WEBS will EVER send an email to ask you to install anything.
