
WordPress Plug-in Has Critical Zero-Day

The vulnerability in WordPress File Manager could allow a malicious actor to take over the victim's website.

A popular plug-in for WordPress is the subject of a zero-day vulnerability that may expose more than 700,000 sites to exploitation. The WordPress File Manager plug-in is generally used to allow website users to upload image files, but a flaw in the plug-in's file type checking could allow a user to upload a file with an embedded web shell. That web shell could then be used to take over the victim's site.

According to researchers at Wordfence, who found the vulnerability, it exists in File Manager versions 6.0 through 6.8. The plug-in's developers have released an updated version, 6.9, with the vulnerability patched, though they estimate that more than 261,000 websites are still running vulnerable software.
