WordPress Plug-in Has Critical Zero-Day

The vulnerability in WordPress File Manager could allow a malicious actor to take over the victim's website.



A popular WordPress plug-in has a zero-day vulnerability that may expose more than 700,000 sites to malicious exploitation. The WordPress File Manager plug-in is generally used to allow website users to upload image files, but a flaw in the plug-in's file type checking could allow a user to upload a file with an embedded web shell. That web shell could then be used to launch a site takeover against the victim.

According to researchers at Wordfence, who found the vulnerability, it exists in File Manager versions 6.0 through 6.8. The plug-in's developers have released an updated version, 6.9, with the vulnerability patched, though they estimate that more than 261,000 websites are still running vulnerable software.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article.

Copyright © 2021 UBM Electronics, A UBM company, All rights reserved.