Sigh. Another day, another reason for WordPress users to get patching: Hackers abuse bug in popular plugin
2020-09-03 23:20

A critical vulnerability in a popular WordPress plugin called WP File Manager was spotted on Tuesday and was quickly patched by the plugin's developers.

The flaw, which allows arbitrary file uploads and remote code execution on WordPress websites, is already being actively exploited.

The WPScan WordPress Vulnerability Database, alerted to the bug by Finland-based WordPress service provider Seravo, says that there have been multiple WordPress sites compromised as a result of the zero-day hole in WP File Manager.

Bruandet said the attacks were detected quickly, which has helped limit the damage, but added that the bug is critical because the vulnerable script can be accessed directly, without loading WordPress and even if the plugin has been deactivated.

"Installing the plugin will clear the folder where the backdoor is uploaded. But hackers are also infecting some WordPress core files and adding some code to control the site from a Telegram bot."


News URL

https://go.theregister.com/feed/www.theregister.com/2020/09/03/wordpress_plugin_bug/

Related vendor

| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| Wordpress | | 7 | 2 | 95 | 44 | 18 | 159 |
| Plugin | | 2 | 0 | 13 | 1 | 0 | 14 |