Title: WordPress scam
Last modified: January 8, 2024

---

# WordPress scam

 *  Resolved [tristanpglaw](https://wordpress.org/support/users/tristanpglaw/)
 * (@tristanpglaw)
 * [2 years, 5 months ago](https://wordpress.org/support/topic/wordpress-scam/)
 * Not sure where to report this but I received an email from my wordpress site 
   advising me to download a plugin to fix a vulnerability. It really looks legit
   and it almost tricked me but I found it odd to have to download a plugin and 
   also the website it links to is **ca.en<span style=”text-decoration: underline;”
   >-</span>wordpress.org** (notice the dash in the URL:
 * > Dear user
   > The WordPress Security Team has detected a critical vulnerability on the website:**
   > <u>store.beatate.ca</u>**
   > The Remote Code Execution (RCE) vulnerability found on your site is categorized
   > as **a critical threat**, potentially allowing malicious code execution and
   > putting your data, user details, and overall site security at risk.
   > **We urge you to apply the CVE-2024-46188 Patch immediately**, as we are working
   > on addressing this crucial security hole in the upcoming WordPress version.
   > **Simply download the plugin by clicking the button below, install and activate
   > it on your site.** This ensures swift and hassle-free defense against potential
   > exploits and malicious actions linked to this vulnerability.

Viewing 3 replies - 1 through 3 (of 3 total)

 *  Moderator [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/)
 * (@sterndata)
 * Volunteer Forum Moderator
 * [2 years, 5 months ago](https://wordpress.org/support/topic/wordpress-scam/#post-17327104)
 * It is known. See [https://wordpress.org/news/2023/12/alert-wordpress-security-team-impersonation-scams/](https://wordpress.org/news/2023/12/alert-wordpress-security-team-impersonation-scams/)
 *  Thread Starter [tristanpglaw](https://wordpress.org/support/users/tristanpglaw/)
 * (@tristanpglaw)
 * [2 years, 5 months ago](https://wordpress.org/support/topic/wordpress-scam/#post-17333624)
 * Thank you, I couldn’t find anything on the topic.
 *  [lemtrac](https://wordpress.org/support/users/lemtrac/)
 * (@lemtrac)
 * [2 years, 2 months ago](https://wordpress.org/support/topic/wordpress-scam/#post-17550267)
 * This is becoming a big issue as the email looks like its from WordPress, they
   include the logo and email layout.
 * _[URL removed by moderator]_
 * Clients are receiving message and if they do not have email protection they are
   taking by phishing exploit
 * This link is potentially harmful
    -  This reply was modified 2 years, 2 months ago by [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/).
      Reason: broke url

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘WordPress scam’ is closed to new replies.

 * In: [Everything else WordPress](https://wordpress.org/support/forum/miscellaneous/)
 * 3 replies
 * 3 participants
 * Last reply from: [lemtrac](https://wordpress.org/support/users/lemtrac/)
 * Last activity: [2 years, 2 months ago](https://wordpress.org/support/topic/wordpress-scam/#post-17550267)
 * Status: resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics