Zero-Day Vulnerability in WordPress File Manager Plugin

Published on 03 Sep 2020

Updated on 03 Sep 2020

Security researchers have discovered a zero-day remote code execution vulnerability in the "File Manager" plugin for WordPress, with a Common Vulnerability Scoring System (CVSS) score of 10 out of 10. The flaw affects plugin versions 6.0 to 6.8. There are reports of active exploitation of this vulnerability in the wild.

Successful exploitation allows an unauthenticated attacker to perform malicious activities such as executing arbitrary code and uploading malicious files on a targeted site.

WordPress site administrators and owners using the affected plugin versions are advised to secure their websites by updating the plugin to the latest version (6.9) immediately.

More information is available at:
https://www.wordfence.com/blog/2020/09/700000-wordpress-users-affected-by-zero-day-vulnerability-in-file-manager-plugin/