The WordPress Vulnerability report is as follows.
WordPress Plugin Vulnerabilities
Several new WordPress plugin vulnerabilities have been discovered this month so far. Make sure to follow the suggested action below to update the plugin or completely uninstall it.
WordPress Plugin Vulnerabilities
1. WordPress Websites Attacked via File Manager Plugin Vulnerability
- The vulnerability lies in versions of the popular third-party plugin WordPress File Manager, which has been installed on over 700,000 websites.
- WordPress File Manager bills itself as a tool to make it simple for webmasters to upload, edit, archive, and delete files and folders on their website’s backend.
- A file manager plugin like this would make it possible for an attacker to manipulate or upload any files of their choosing directly from the WordPress dashboard, potentially allowing them to escalate privileges once in the site’s admin area.
2. WordPress security: Zero-day flaw in File Manager plugin actively exploited
- UPDATED Users of File Manager, a popular WordPress plugin, have been urged to update to the latest version amid the active exploitation of a critical zero-day vulnerability.
- File Manager, which helps WordPress administrators organize files on their sites, has more than 700,000 active installations.
3. WordPress File Manager plugin flaw causing website hijack exploited in the wild
- According to the Sucuri WordPress security team, the vulnerability emerged in version 6.4 of the software, which is used as an alternative to FTP in managing file transfers, copying, deletion, and uploads.
- File Manager accounts for over 700,000 active installations.
4. A Critical Flaw Is Affecting Thousands of WordPress Sites
- Hackers are currently actively exploiting a vulnerability in WordPress which the threat actors can manipulate to execute malicious commands and scripts on Websites running File Manager. File Manager is a WordPress plugin that has over 700,000 active installations, according to researchers. The security flaw has been patched, however, the first attacks were detected by security teams just hours after the patch was released.
It is crucial to the security of your WordPress site that you have an update routine.
You should be logging into your sites at least once a week to perform updates.
