Cybercriminals have discovered a zero-day vulnerability in the popular File Manager plugin.
Defiant documented a spike in cyber attacks on WordPress sites last week. According to the company, cybercriminals tried to attack millions of sites in search of a vulnerable File Manager plugin.
Attackers discovered a zero-day vulnerability in older versions of File Manager that could allow unauthorized files, including malicious ones, to be uploaded to a website. How the vulnerability was discovered is unknown, but last week cybercriminals began actively looking for this plugin on websites. Upon discovering a vulnerable File Manager, they exploited the vulnerability, gained access to the web shell, seized control of the site, and incorporated it into a botnet.
At first, the number of recorded attacks was small, but by September 4 it had reached 1 million. In total, since September 1, when the attacks began, Defiant specialists have blocked attempts to attack 1.7 million WordPress sites. This is more than half of the sites protected using Defiant’s Wordfence firewall. According to company analyst Ram Gall, the actual number of attacks could be much higher.
The File Manager developers released a fix for the vulnerability the same day the cyber attacks became known. Some site owners have installed it; however, many sites are still running the affected version of the plugin.
Because patches are installed slowly, the WordPress developers recently added a feature to their content management system that automatically updates plugins and themes. Starting with WordPress 5.5, released last month, site owners can turn on automatic updates, and plugins and themes will update themselves every time a patch is released.