Sep 03, 2020 16:00:00

A serious vulnerability affecting more than 350,000 WordPress sites was discovered, and there were reports that more than 450,000 attacks were made in a few days

A vulnerability has been discovered in the WordPress

File Manager plugin that could allow remote code execution. By exploiting this vulnerability, it is possible to steal data, destroy the site itself, or embed malicious code, affecting more than 350,000 WordPress sites.

Critical zero-day vulnerability fixed in WordPress File Manager (700,000+ installations). – NinTechNet
https://blog.nintechnet.com/critical-zero-day-vulnerability-fixed-in-wordpress-file-manager-700000-installations/

700,000 WordPress Users Affected by Zero-Day Vulnerability in File Manager Plugin
https://www.wordfence.com/blog/2020/09/700000-wordpress-users-affected-by-zero-day-vulnerability-in-file-manager-plugin/

Hackers are exploiting a critical flaw affecting >350,000 WordPress sites | Ars Technica
https://arstechnica.com/information-technology/2020/09/hackers-are-exploiting-a-critical-flaw-affecting-350000-wordpress-sites/

File Manager is a plugin that allows you to edit, delete, upload, download, compress, copy, and paste files and folders only on WordPress. It is one of the popular plug-ins with more than 700,000 downloads that allows you to operate files and folders without using FTP.

A newly discovered vulnerability in File Manager is that it could allow unauthenticated users to upload unprotected files. If you use this vulnerability, you can upload a file with a Webshell embedded that functions as a backdoor, and execute the 'plugins/wp-file-manager/lib/files/' command under the directory where File Manager is installed. Since it is possible to execute, the attacker is free to modify the WordPress blog by uploading and executing a malicious php file in this directory.

In fact, security firm Wordfence reported that it blocked more than 450,000 attacks over the past few days, pointing out that the attacks are spreading at a speed faster than you can imagine. On the other hand, security company NinTechNet pointed out that many attackers who exploit this vulnerability tend to 'password protect vulnerable files so that they cannot be exploited by other attackers.' This tendency is described as 'interesting'.

The vulnerability in question has been fixed in version 6.9, the latest version of the File Manager plugin. However, there are vulnerabilities in the File Manager plug-ins of versions 6.0 to 6.8, and it is estimated that more than 350,000 WordPress blogs are using this version. It warns me that I should immediately update to version 6.9 if I am using it.