{"id":"MAL-2024-1648","summary":"Malicious code in wordpress-theme-core (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (11ba6949abd5e27add3ceeb9c4709ae17be63d4831af09c7f34ca236d3b06b8e)\nThe OpenSSF Package Analysis project identified 'wordpress-theme-core' @ 0.0.123 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2024-06-24T15:34:53Z","published":"2024-06-20T15:28:20Z","database_specific":{"malicious-packages-origins":[{"source":"ossf-package-analysis","modified_time":"2024-06-20T15:28:20Z","versions":["0.0.1"],"sha256":"80d5f0fae64f9ea46cc8e1c401dac2109bdf35aedbca211a71890a83dec4722f","import_time":"2024-06-20T15:33:31.670753733Z"},{"source":"ossf-package-analysis","modified_time":"2024-06-24T15:25:59Z","versions":["0.0.123"],"sha256":"11ba6949abd5e27add3ceeb9c4709ae17be63d4831af09c7f34ca236d3b06b8e","import_time":"2024-06-24T15:34:31.724937384Z"},{"source":"ossf-package-analysis","modified_time":"2024-06-24T15:13:10Z","versions":["0.0.12"],"sha256":"1273b3bebe31e09b1646043c97e3337062e17cd44cbbc2238498d7b0d5a7995a","import_time":"2024-06-24T15:34:31.663239899Z"}]},"affected":[{"package":{"name":"wordpress-theme-core","ecosystem":"npm","purl":"pkg:npm/wordpress-theme-core"},"versions":["0.0.1","0.0.123","0.0.12"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/wordpress-theme-core/MAL-2024-1648.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}