Cybersecurity Threat Intelligence

WordPress plugin File Manager vulnerability and update

Posted: 2020-11-20 14:16:01   Expiration: 2020-11-27 14:16:01

Disclaimer: This news item was originally posted on 2020-11-20 14:16:01. Its content may no longer be timely or accurate.

About the Threat:
The WordPress plugin File Manager versions 6.0 – 6.8 have a vulnerability that allows an unauthenticated attacker to upload malicious files, including shell scripts.

 

Actions to Consider:
Any WordPress site with the File Manager plugin versions 6.0 – 6.8 (inclusive) installed should be updated to version 6.9.
Cybersecurity recommends that WordPress admins using this plugin update it immediately.  
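
One way to find installs that still need the update, added here as an example (it is not part of the original advisory or the plugin's code). It assumes the plugin lives in a `wp-file-manager` directory under `wp-content/plugins` and declares its version in a standard WordPress plugin header; the function names are illustrative.

```python
"""Triage: flag File Manager plugin installs in the affected range 6.0 - 6.8."""
import re
import sys
from pathlib import Path

# Assumption: the plugin sits in its WordPress.org slug directory.
PLUGIN_DIR = "wp-file-manager"
AFFECTED_MIN, AFFECTED_MAX = (6, 0), (6, 8)  # inclusive, per the advisory

# Plugin header line inside the PHP comment block, e.g. " * Version: 6.8"
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", re.I | re.M)


def parse_plugin_version(header_text):
    """Return the version string from a plugin header, or None if absent."""
    match = VERSION_RE.search(header_text)
    return match.group(1) if match else None


def is_affected(version):
    """True when major.minor falls inside 6.0 - 6.8 (6.8.x counts as 6.8)."""
    parts = tuple(int(p) for p in version.split("."))
    return AFFECTED_MIN <= (parts + (0,))[:2] <= AFFECTED_MAX


def scan(root):
    """Return (plugin_path, version, status) for each install under root."""
    findings = []
    for plugin in sorted(Path(root).rglob(f"wp-content/plugins/{PLUGIN_DIR}")):
        if not plugin.is_dir():
            continue
        version = None
        for php in sorted(plugin.glob("*.php")):
            # WordPress itself reads only the first 8 KiB when parsing headers.
            text = php.read_text(encoding="utf-8", errors="replace")[:8192]
            version = parse_plugin_version(text)
            if version:
                break
        if version is None:
            status = "unknown"  # no header found: inspect by hand
        else:
            status = "affected" if is_affected(version) else "ok"
        findings.append((str(plugin), version, status))
    return findings


if __name__ == "__main__":
    results = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, version, status in results:
        print(f"{status:8} {version or '-':8} {path}")
    sys.exit(1 if any(s != "ok" for _, _, s in results) else 0)
```

Run it with the web root as its argument; a non-zero exit status means at least one install is in the affected range or has no readable version.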

 

Event Impact:  
This vulnerability can allow an unauthenticated attacker to execute commands and upload malicious files.

WordPress security firm Wordfence reports seeing this vulnerability being actively exploited in the wild. See their report (link in References) for additional information and indicators of compromise.


References:

https://securityaffairs.co/wordpress/107826/hacking/file-manager-wordpress-plugin-flaw.html?utm_source=feedly&utm_medium=rss&utm_campaign=file-manager-wordpress-plugin-flaw
https://www.wordfence.com/blog/2020/09/700000-wordpress-users-affected-by-zero-day-vulnerability-in-file-manager-plugin/


-- IT Security Vulnerability Management: Hui-Chun Kuo