Zero-day vulnerability in popular WordPress plugin leaves countless websites vulnerable

As a result of a zero-day vulnerability in the WordPress plugin File Manager, countless websites have been left wide open to potential cyber-attacks.

In fact, there were millions of attacks against WordPress websites during the last week alone.

The older version of the plugin comes with a zero-day vulnerability that allows attackers to upload malicious files.

File Manager has in excess of 700,000 active users.

This has led to the probing of WordPress websites, as hackers are looking for a way to get in.

If a hacker suspects that the website is running this particular plugin, they will start probing it for vulnerabilities.

If they are successful, they will proceed to upload a malicious image file that acts as a web shell.

Through this, they can seize control of the website and plug it into a botnet.
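
A defensive check for the kind of upload described above, as an added example that is not from the original article or from the plugin's developers: it flags files that carry an image extension but contain PHP opening tags, lack the expected image header, or hide a PHP extension before the final one. The function names, reason labels and sample files are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Leading bytes of genuine image files, keyed by extension.
MAGIC = {".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
         ".png": (b"\x89PNG\r\n\x1a\n",), ".gif": (b"GIF87a", b"GIF89a")}
# PHP opening tags. A hit in binary data is a triage signal, not a verdict.
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)

def inspect_file(path):
    """Return the reasons a file looks suspicious (empty list if none)."""
    data = path.read_bytes()
    ext = path.suffix.lower()
    reasons = []
    if ext in MAGIC:
        if not data.startswith(MAGIC[ext]):
            reasons.append("bad-magic")
        if PHP_TAG.search(data):
            reasons.append("php-tag")
    # A name like x.php.jpg may be executed by some server configurations.
    if {"php", "phtml", "phar"} & set(path.name.lower().split(".")[1:-1]):
        reasons.append("hidden-php-ext")
    return reasons

def scan_tree(root):
    """Map each suspicious file (path relative to root) to its reasons."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and (reasons := inspect_file(path)):
            findings[path.relative_to(root).as_posix()] = reasons
    return findings

def demo():
    """Scan a constructed directory; every sample file is made up here."""
    samples = {
        "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"<?php /* placeholder */ ?>",
        "banner.gif": b"<?php /* placeholder */ ?>",
        "note.php.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            Path(root, name).write_bytes(body)
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

Point `scan_tree` at a site's writable directories and review each hit by hand, since compressed image data can occasionally contain the tag bytes by chance.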

Ram Gall, threat analyst at Defiant, reports that there has been a rising number of attacks exploiting this particular vulnerability in the last couple of days.

Although they started out slowly, they have progressed to become more intensive throughout the week.

Defiant reports that more than 1 million attacks against WordPress websites were recorded on 4th September 2020 alone.

Since hundreds of millions of websites are running WordPress, there is a high likelihood that some are being probed at this very moment.

As soon as the File Manager developer team learned about the attacks, they started working on a patch that went live on the very same day.

Some webmasters have already installed it, while others are yet to follow suit.

Events such as these have led the WordPress developer team to integrate an auto-update feature for plugins and themes.

WordPress 5.5 was released last month, and you can enable the auto-update feature to make sure that you remain safe from attacks.