Hackers exploit a flaw in a WordPress plugin, 350,000 sites are affected

September 3, 2020| MondialPress

Researchers have announced the discovery of a critical security vulnerability affecting WordPress. The flaw lies in File Manager, a plugin for the CMS with more than 700,000 active installations to date; according to the researchers, 52% of those installations are affected.

Sal Aguilar, a website security contractor, posted on Twitter a few hours ago about the vulnerability: “Oh shit!!! The vulnerability of WP File Manager is SERIOUS. It is spreading quickly and I see hundreds of sites getting infected. Malware is downloaded to /wp-content/plugins/wp-file-manager/lib/files”.

A security vulnerability of choice for hackers

More specifically, the attacks in question allow attackers to remotely execute commands and scripts on victims' websites that run the File Manager plugin. Several researchers have indicated that the hackers not only inject scripts but also lock down the vulnerable files so that rival groups with similar aims cannot benefit from them.

Jérôme Bruandet, CEO of NinTechNet, told the specialized media outlet Ars Technica: “All the commands can be executed in the /lib/files folder (create folders, delete files, etc.), but the most important is that they can also download PHP scripts in that folder, then run them and do whatever they want on the blog”.

Chloe Chamberland, a researcher at the security company Wordfence, details: “Such a file management plugin would allow an attacker to manipulate or download the files of his choice directly from the WordPress dashboard, which would allow him to increase their privileges once in the site administration area”.

She adds: “For example, an attacker could access the administration area of the site using a compromised password, then access this plugin and download a script […] and potentially escalate their attack using another exploit”.

The flaw affects File Manager versions 6.0 through 6.8, so site owners are advised to update the plugin to version 6.9.
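As an added illustration (not code from the article, from the researchers quoted, or from the plugin's authors), the following Python helper turns the two facts above into a check a site owner can run: it reads the version from the plugin header, flags the 6.0 to 6.8 range, and lists PHP files sitting in the lib/files upload directory named earlier as the malware drop location. The PHP extension list, the major.minor comparison and the sample header and paths are assumptions constructed for the example.

```python
import re
from pathlib import PurePosixPath

# Affected range and fixed release as stated in the article.
VULN_MIN, VULN_MAX, FIXED = (6, 0), (6, 8), (6, 9)
# Extensions a typical web server hands to PHP (assumption; match your handler config).
PHP_SUFFIXES = {".php", ".phtml", ".php5", ".php7", ".phar"}
# Upload directory the article names as the malware drop location.
DROP_DIR = PurePosixPath("wp-content/plugins/wp-file-manager/lib/files")


def parse_plugin_version(header_text):
    """Return the 'Version:' field of a WordPress plugin header as an int tuple."""
    m = re.search(r"^\s*\*?\s*Version:\s*(\d+(?:\.\d+)*)", header_text, re.M)
    if not m:
        raise ValueError("no Version: line in plugin header")
    return tuple(int(p) for p in m.group(1).split("."))


def is_vulnerable(version):
    """True for 6.0 to 6.8; checks major.minor only, so 6.8.x counts as affected (conservative assumption)."""
    return VULN_MIN <= tuple(version[:2]) <= VULN_MAX


def dropped_php_files(paths):
    """Site-relative paths under lib/files (an upload directory) that a PHP handler would execute."""
    hits = []
    for raw in paths:
        p = PurePosixPath(raw)
        try:
            p.relative_to(DROP_DIR)
        except ValueError:  # not under the upload directory
            continue
        if p.suffix.lower() in PHP_SUFFIXES:
            hits.append(str(p))
    return hits


# Constructed sample input, not taken from any real site.
SAMPLE_HEADER = "<?php\n/*\n * Plugin Name: File Manager\n * Version: 6.8\n */\n"
SAMPLE_PATHS = [
    "wp-content/plugins/wp-file-manager/lib/files/photo.jpg",
    "wp-content/plugins/wp-file-manager/lib/files/x.PHP",
    "wp-content/plugins/wp-file-manager/lib/files/sub/shell.phtml",
    "wp-content/plugins/wp-file-manager/file_manager.php",
]

if __name__ == "__main__":
    print(is_vulnerable(parse_plugin_version(SAMPLE_HEADER)), dropped_php_files(SAMPLE_PATHS))
```

On a real site, feed `dropped_php_files` the site-relative paths from an `os.walk` of the WordPress root; any hit in that directory warrants the same incident handling as the infections Aguilar describes.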

Given how popular WordPress is as a CMS, it is no surprise that hackers target it in the hope of reaching large numbers of users. To do so, they regularly attack plugins: File Manager today, and a few months ago Duplicator, ThemeGrill Demo Importer and Profile Builder.
