Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
WordPress Websites Attacked via File Manager Plugin Vulnerability
#1
https://hotforsecurity.bitdefender.com/b...w%7CH4Swfh     
Graham CLULEY
@gcluley

E-Threats • Industry News
WordPress Websites Attacked via File Manager Plugin Vulnerability
1 day ago
3 Min Read       
    Websites are being hijacked by hackers exploiting plugin vulnerability
    Hackers password-protect compromised sites to keep out rival attackers
    At-risk websites advised to update WordPress File Manager plugin immediately.

Hackers are exploiting a critical vulnerability that may be affecting hundreds of thousands of websites running WordPress.

The vulnerability lies in versions of the popular third-party plugin WordPress File Manager, which has been installed on over 700,000 websites.

WordPress File Manager bills itself as a tool to make it simple for webmasters to upload, edit, archive, and delete files and folders on their website’s backend.

But hackers have found a way to exploit version 6.8 and below of WordPress File Manager to inject malicious code onto websites without authorisation, creating backdoors for future abuse.

As security researchers at NinTechNet describe, one interesting aspect of the attack is that the hackers are injecting code into the websites they compromise to password-protect access via the flaw – thus preventing other hacking groups from exploiting the same vulnerability.

WordPress security firm Wordfence says that it has blocked over 450,000 exploit attempts in the last several days.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Cyberattackers Exploiting Critical WordPress Plugin Bug Bjyda 0 1,177 03-11-2021 , 10:33 PM
Last Post: Bjyda
  WordPress Plugin Bug Allows Malicious Code Injection on 100K Sites sidemoon 0 1,565 03-13-2020 , 10:00 PM
Last Post: sidemoon
  Indian university attacked by Ransomware dhruv2193 0 1,335 02-26-2019 , 12:54 PM
Last Post: dhruv2193
  Infected WordPress Sites Are Attacking Other WordPress Sites Mohammad.Poorya 0 1,786 12-08-2018 , 06:00 PM
Last Post: Mohammad.Poorya
  Wordpress kept Zero-day vulnerability a secret for a week, which was used by hackers. scot 0 4,963 02-07-2017 , 06:14 PM
Last Post: scot



Users browsing this thread: 1 Guest(s)