Yesterday, the WordPress plugin File Manager was updated, fixing a critical vulnerability allowing any website visitor to gain complete access to the website.
Users of our WAF were never vulnerable to this exploit. The Sucuri firewall blocks malicious payloads by default using our generic exploitation rules.
The vulnerability originated from the remains of a development environment on version 6.4 nearly 4 months ago, where a file was renamed to test certain features.
Continue reading Critical Vulnerability in File Manager Plugin Affecting 700k WordPress Websites at Sucuri Blog.
The post Critical Vulnerability in File Manager Plugin Affecting 700k WordPress Websites appeared first on Security Boulevard.
Article Link: https://securityboulevard.com/2020/09/critical-vulnerability-in-file-manager-plugin-affecting-700k-wordpress-websites/