Ville Korhonenen, an on-call security officer for Seravo, discovered a severe vulnerability in a WordPress plugin being exploited against several customers on Tuesday. An investigation uncovered a zero-day for the WordPress plugin WP File Manager being used in the wild that could allow any remote, unauthenticated attacker to upload files and execute code. WP File Manager had over 700,000 active installations at the time of discovery yesterday and can be found just by browsing the popular plugins page on the official WordPress site. When looking into the traffic logs for affected sites, Seravo discovered that a POST request was being made to WP File Manager’s “lib/php/connector.minimal.php”. This file contained example code from the open source “elFinder” project, not meant to be used in production websites. Seravo quickly reported the flaw to the plugin authors and it was updated the same day.
Watch the Video
How does Binary Defense help protect your organization? With best in breed cybersecurity tactics, techniques, and services, we make sure that your environment is secure against the most advanced attacks.