WordPress File Manager plugin exploit is being used on over 350,000 websites

Written 24 days ago by IanDorfman

Multiple security firms and media outlets have reported on a newly discovered exploit of a WordPress plugin that is installed on over 350,000 websites.

As detailed by the security firms that discovered and documented the vulnerability, the affected WordPress plugin is WordPress File Manager by mndpsingh287. Attackers have used the exploit to backdoor websites, inject code, and carry out other hijacking activity. Webshells embedded in uploaded images give them convenient access to execute commands in File Manager's /plugins/wp-file-manager/lib/files/ installation directory.

File Manager versions 6.0 through 6.8 are vulnerable to this exploit, and as of this post's publication 52% of users were still running these older versions rather than the 6.9 release, which was published 2 days earlier. WordPress users should update this plugin as soon as possible to ensure they aren't susceptible to hijacking or malware on their websites.
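A defender-side check that follows from the two facts above (the 6.0 to 6.8 version range and the lib/files/ upload location), written as an added example rather than code from the post, the plugin or the firms it cites. It assumes the standard WordPress "Version:" plugin header in a top-level .php file, and builds a throwaway sample install to run against.

```python
# Added example (not from the post or the plugin): audit one wp-file-manager install for the
# two facts the story gives, a version in the 6.0-6.8 range and PHP code sitting in uploads
# under lib/files/. Assumes the standard WordPress "Version: x.y" plugin header (an assumption).
import re
import tempfile
from pathlib import Path

VULNERABLE_MIN = (6, 0)  # first affected release named in the post
FIXED = (6, 9)           # release that closes the hole
VERSION_RE = re.compile(r"^\s*\*?\s*Version:\s*([0-9]+(?:\.[0-9]+)*)", re.MULTILINE)
# PHP open tags never belong in an upload directory, whatever the file extension claims.
PHP_TAG = re.compile(rb"<\?php\b|<\?=", re.IGNORECASE)


def parse_version(header_text):
    """Return the plugin version as a tuple of ints, or None when no header is present."""
    m = VERSION_RE.search(header_text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def plugin_version(plugin_dir):
    # The header lives in a top-level .php file; scan them in a fixed order.
    for php in sorted(Path(plugin_dir).glob("*.php")):
        v = parse_version(php.read_text(errors="ignore"))
        if v:
            return v
    return None


def is_vulnerable(version):
    # Compare on major.minor so a 6.8.x point release is still treated as affected.
    return version is not None and VULNERABLE_MIN <= version[:2] < FIXED


def suspicious_uploads(plugin_dir):
    """Paths under lib/files/ whose bytes contain a PHP open tag (e.g. a shell inside an image)."""
    files_dir = Path(plugin_dir) / "lib" / "files"
    found = files_dir.rglob("*") if files_dir.is_dir() else []
    return sorted(f.relative_to(plugin_dir).as_posix()
                  for f in found if f.is_file() and PHP_TAG.search(f.read_bytes()))


def audit(plugin_dir):
    v = plugin_version(plugin_dir)
    return {"version": v, "vulnerable": is_vulnerable(v), "suspicious": suspicious_uploads(plugin_dir)}


def demo():
    """Constructed sample install: version 6.7 plus one image carrying an embedded PHP tag."""
    root = Path(tempfile.mkdtemp()) / "wp-file-manager"
    (root / "lib" / "files").mkdir(parents=True)
    (root / "plugin.php").write_text("<?php\n/*\nPlugin Name: File Manager\nVersion: 6.7\n*/\n")
    (root / "lib" / "files" / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0 clean jpeg bytes")
    (root / "lib" / "files" / "logo.png").write_bytes(b"\x89PNG\r\n\x1a\n<?php /* shell */ ?>")
    return audit(root)
```

Point `audit()` at the real wp-content/plugins/wp-file-manager directory to get the version, the vulnerable flag, and any upload that carries PHP code.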

Further coverage:
NinTechNet
Wordfence
Ars Technica