WordPress websites attacked via File Manager plugin vulnerability
- Websites are hijacked by hackers exploiting plugin vulnerability
- Hackers password protect compromised sites to prevent rival attackers from entering
- At-risk websites are advised to update the WordPress File Manager plugin immediately.
Hackers are exploiting a critical vulnerability that affects hundreds of thousands of websites running WordPress.
The vulnerability lies in versions of the popular third-party WordPress File Manager plugin, which has been installed on over 700,000 websites.
WordPress File Manager promotes itself as a tool for webmasters to easily upload, edit, archive, and delete files and folders on their website's backend.
But hackers have found a way to exploit WordPress File Manager version 6.8 and earlier to inject malicious code into websites without authorization, creating backdoors for future abuse.
As security researchers at NinTechNet describe, an interesting aspect of the attack is that the hackers inject code into the websites they compromise to password-protect access through the flaw, thus preventing rival hacking groups from exploiting the same vulnerability.
WordPress security company Wordfence said that it has blocked more than 450,000 exploit attempts in the past few days.
In a blog post, Wordfence’s Chloe Chamberland describes the potential impact of an attack:
“A file manager plugin like this would allow an attacker to manipulate or download any file of their choice directly from the WordPress dashboard, potentially allowing them to increase their privileges once in the site's administration area.”
“For example, an attacker could access the administration area of the site using a compromised password, then access this plugin and download a webshell to do additional server enumeration and potentially escalate their attack by using another exploit.”
The creators of WordPress File Manager posted an update (version 6.9) on September 1 which fixes the security issue, but hundreds of thousands of websites are still believed to be running vulnerable and outdated versions of the plugin.
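For administrators who want to confirm which of their sites still carry a pre-6.9 build, the following script is an added example (not code from the article, Wordfence or NinTechNet). It reads the standard "Version:" header that every WordPress plugin declares in its main PHP file, compares it numerically against the 6.9 fix, and flags the File Manager install if it is older. The directory name `wp-file-manager` is assumed here; check it against the actual folder under `wp-content/plugins/` on your server. The `demo()` function builds a constructed sample plugins directory so the script runs offline.

```python
import re
import tempfile
from pathlib import Path

# Version that fixed the issue, per the article (File Manager 6.9, released September 1).
FIXED_VERSION = (6, 9)
# Assumed directory name of the plugin under wp-content/plugins/ (hypothetical for this example).
PLUGIN_SLUG = "wp-file-manager"


def parse_version(text):
    """Turn '6.8' or '6.10' into a tuple of ints so comparison is numeric, not lexical."""
    return tuple(int(part) for part in re.findall(r"\d+", text))


def plugin_version(plugin_dir):
    """Read the 'Version:' line from the WordPress plugin header of the main PHP file."""
    for php_file in sorted(Path(plugin_dir).glob("*.php")):
        header = php_file.read_text(errors="ignore")[:8192]
        match = re.search(r"^\s*\*?\s*Version:\s*([\d.]+)", header, re.MULTILINE)
        if match:
            return match.group(1)
    return None


def is_vulnerable_version(version):
    """True for File Manager 6.8 and lower, i.e. anything older than the 6.9 fix."""
    return parse_version(version) < FIXED_VERSION


def scan_plugins(plugins_root):
    """Return (slug, version, vulnerable) for each plugin directory with a readable header."""
    findings = []
    for plugin_dir in sorted(Path(plugins_root).iterdir()):
        if not plugin_dir.is_dir():
            continue
        version = plugin_version(plugin_dir)
        if version is None:
            continue
        vulnerable = plugin_dir.name == PLUGIN_SLUG and is_vulnerable_version(version)
        findings.append((plugin_dir.name, version, vulnerable))
    return findings


def write_plugin(root, slug, name, version):
    """Create a minimal plugin directory with a standard WordPress header (constructed sample data)."""
    plugin_dir = Path(root) / slug
    plugin_dir.mkdir(parents=True)
    (plugin_dir / f"{slug}.php").write_text(
        f"<?php\n/*\nPlugin Name: {name}\nVersion: {version}\n*/\n"
    )


def demo():
    """Build a constructed plugins directory and scan it; returns the findings."""
    root = Path(tempfile.mkdtemp())
    write_plugin(root, PLUGIN_SLUG, "File Manager", "6.8")       # still on the vulnerable release
    write_plugin(root, "other-plugin", "Other Plugin", "1.2.3")  # unrelated plugin, never flagged
    return scan_plugins(root)


if __name__ == "__main__":
    # On a real server, replace demo() with scan_plugins("/var/www/html/wp-content/plugins").
    for slug, version, vulnerable in demo():
        status = "UPDATE NOW" if vulnerable else "ok"
        print(f"{slug:20} {version:8} {status}")
```

Versions are compared as integer tuples rather than strings so that a hypothetical 6.10 is correctly treated as newer than 6.9; a plain string comparison would get that wrong. Run it against the real plugins directory of every site you manage, and treat any "UPDATE NOW" line as a site to patch before the next exploit attempt reaches it.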
It goes without saying that anyone who runs a website should be very selective about which third-party plugins they install, keep a close eye on security updates, and apply them promptly when necessary.
The latest versions of WordPress include the ability to automatically update third-party plugins such as WordPress File Manager when new updates are released, although this may not be a desirable feature on all websites.
If your website has been compromised, you are advised to reinstall WordPress to clean up any potentially infected core files and change the passwords for databases and all users with administrator privileges.
*** This is a Syndicated Security Bloggers Network blog by HOTforSecurity written by Graham Cluley. Read the original post on: https://hotforsecurity.bitdefender.com/blog/wordpress-websites-attacked-via-file-manager-plugin-vulnerability-24048.html