Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
WordPress Plug-in Has Critical Zero-Day
The vulnerability in WordPress File Manager could allow a malicious actor to take over the victim's website.
1 Min Read
A popular plug-in for WordPress is the subject of a zero-day vulnerability that may expose more than 700,000 sites to malicious exploit. The WordPress File Manager plug-in is generally used to allow website users to upload image files, but a flaw in the plug-in's file type checking could allow a user to upload a file with an embedded web shell. That web shell could then be used to launch a site takeover against the victim.
According to researchers at WordFence — who found the vulnerability — the vulnerability exists in File Manager version 6.0 through 6.8. The plug-in's developers have released an updated version, 6.9, with the vulnerability patched, though they estimate that more than 261,000 websites are still running vulnerable software.
About the Author
You May Also Like
More Insights
