Hackers are actively exploiting a critical remote code execution vulnerability in the File Manager WordPress plugin that could be exploited by unauthenticated attackers to upload scripts and execute arbitrary code on WordPress sites running vulnerable versions of the plugin.
The File Manager plugin allows users to easily manage files directly from WordPress, it is currently installed on more than 700,000 WordPress sites.
The vulnerability was first discovered by Gonzalo Cruz from Arsys, the researcher also confirmed that threat actors are already exploiting the flaw to upload malicious PHP files onto vulnerable sites.
Who all are affected by this vulnerability:
Those who are using WP File Manager versions between 6.0 and 6.8 are affected.
Fix:
The developers of the plugin have quickly patched the vulnerability with the release of versions 6.9. All the site owners have to upgrade the File manager plugin to fix the vulnerability.
What can you do to keep your WordPress site safe?
There are many things you can do to keep your site safe. Some of the main recommendations to avoid the WP File Manager security flaw and other potential issues are:
- Protect the wp-admin directory
- Use strong passwords
- Do regular backups
- Update WordPress regularly
- Keep themes and plugins up to date
- Use a security plugin
We at E2E Networks always encourage our customers to pursue the best practices of security to keep their systems updated, protected, and patched against recognized vulnerabilities.
For more information, drop an email to cloud-platform@e2enetworks.com or call +91-11-4117-1818
