AfterDawn: Tech news

High-risk 0-day vulnerability found in WordPress File Manager

Written by Petteri Pyyny @ 02 Sep 2020 10:07

High-risk 0-day vulnerability found in WordPress File Manager

Finnish WordPress developer company Seravo Oy has found a serious vulnerability in WordPress plug-in that is used by more than 700'000 websites globally.
Plugin, called WP File Manager, has a 0-day vulnerability that allows attackers to upload files to websites without authorization and execute code remotely on all WordPress instances that have the said plugin installed.

Basically utilizing the vulnerability, attackers can steal data, destroy sites or add their own code to websites, which could mine cryptocurrencies or distribute harmful code to website users' computers.

Both, the basic version of WP File Manager and also the paid-for version, WP File Manager Pro are affected. In total, these plugins have more than 700k active installations globally.

Developers were alerted of the issue and they released a updated version v6.9 that fixes the security problem. It is adviced to update WP File Manager to 6.9 or above - or uninstall it immediately.



More info: Seravo Oy press release

WordPress is by far the most popular publishing platform in the world, with millions of websites using it as their content management system and more.

Previous Next  
Comments have been disabled for this article.

News archive