Hackers have been having a field day exploiting the File Manager plugin vulnerability in outdated WordPress websites. The critical vulnerability is present in version 6.8 and older.
WordPress File Manager Plugin is a tool that makes it simple for webmasters to upload, edit, archive, and delete files and folders on their website’s backend.
This plugin is quite popular among WordPress developers and has been installed on over 700,000 websites.
Hackers have been exploiting version 6.8 and below of WordPress File Manager to inject malicious code onto websites without authorization. They then create backdoors for future abuse.
One interesting thing about this exploit is that hackers are injecting code and then password-protecting the compromised sites through the same vulnerability, to keep rival attackers from exploiting the same flaw.
The developers of WordPress File Manager issued an update (version 6.9) on September 1st that resolves the security issue. Users are advised to update their websites as soon as possible. Knowing the WordPress community, it could be a while before most if not all of the installations are updated.
For websites that have the File Manager plugin vulnerability and have already been compromised, it is advisable to reinstall WordPress to clean up possibly infected core files. One should also change the database passwords and the passwords of all users with administrator privileges. WordPress file system permissions should be reviewed as well.
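The update and permission checks above can be scripted per site. The following is an added example, not code from the plugin or from this article's author: it reads the plugin's `Version:` header, compares it with the fixed release 6.9, and lists world-writable paths under the WordPress root. The directory name `wp-file-manager` and the standard WordPress plugin header layout are assumptions; adjust them to your installation.

```python
import os
import re
import stat
import sys

FIXED = (6, 9)  # first fixed release according to the article
SLUG = "wp-file-manager"  # assumed plugin directory name; adjust to your install
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\d+(?:\.\d+)*)", re.I | re.M)

def plugin_version(plugin_dir):
    """Read the 'Version:' plugin header from the top-level PHP files."""
    for name in sorted(os.listdir(plugin_dir)):
        if not name.endswith(".php"):
            continue
        with open(os.path.join(plugin_dir, name), errors="replace") as fh:
            head = fh.read(8192)  # plugin headers sit at the top of the main file
        match = VERSION_RE.search(head) if "Plugin Name:" in head else None
        if match:
            return tuple(int(part) for part in match.group(1).split("."))
    return None

def world_writable(root):
    """List paths under root that any local user may modify."""
    hits = []
    for dirpath, dirs, files in os.walk(root):
        for name in dirs + files:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if not stat.S_ISLNK(mode) and mode & stat.S_IWOTH:
                hits.append(os.path.relpath(path, root))
    return sorted(hits)

def audit(site_root, slug=SLUG):
    """Summarise plugin state and loose permissions for one WordPress root."""
    plugin_dir = os.path.join(site_root, "wp-content", "plugins", slug)
    installed = os.path.isdir(plugin_dir)
    version = plugin_version(plugin_dir) if installed else None
    return {
        "installed": installed,
        "version": ".".join(map(str, version)) if version else None,
        "needs_update": version is not None and version < FIXED,
        "world_writable": world_writable(site_root),
    }

if __name__ == "__main__":
    report = audit(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(report)
    sys.exit(1 if report["needs_update"] or report["world_writable"] else 0)
```

Run it with the WordPress root as the only argument; a non-zero exit status means the plugin is older than 6.9 or a world-writable path was found.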