at 10:30 PM

WordPress File Manager plugin exploit is being used on over 350,000 websites

Multiple security firms and media outlets have discovered and reported on a newly discovered WordPress plugin exploit that impacts over 350,000 websites that have the plugin installed.

As detailed by the multiple security firms that discovered and documented the vulnerability, the WordPress plugin that's impacted is WordPress File Manager by mndpsingh287. The exploit has been used by hackers to backdoor websites, inject code, and perform other hijacking activities. Webshells that are embedded in uploaded images give these attackers convenient access to execute commands in File Manager's /plugins/wp-file-manager/lib/files/ installation directory.

File Manager versions ranging from 6.0 to 6.8 are vulnerable to this exploit, with 52% of users running these older versions instead of the 6.9 release that was published 2 days ago as of the publication of this post. WordPress users should update this plugin as soon as possible to ensure they aren't susceptible to hijacking or malware on their websites.

Further coverage: NinTechNet Wordfence Ars Technica

by Ian Dorfman

MORE ABOUT: #Blog Publishing Tools #CMS Tools #Website Builders #WordPress

WordPress

1607

Freemium • Open Source
Blog Publishing Tool

WordPress is software designed for everyone, emphasizing accessibility, performance, security, and ease of use. We believe...

Related news

All news about WordPress »

Comments

No comments so far, maybe you want to be first?