Security expert re: 600,000 WordPress sites attacked due to critical vulnerability (RCE flaw)

More than 600,000 WordPress sites running vulnerable File Manager plugin versions are being attacked due to a critical remote code execution flaw,  and the attackers have also been seen protecting the sites they compromised from other bad actors’ attacks.

Subscribe
Notify of
guest

1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Timothy Chiu
Timothy Chiu , Vice President of Marketing
InfoSec Expert
September 11, 2020 10:29 am

This latest critical vulnerability in a WordPress plugin, a remote code execution flaw, is one of the most dangerous vulnerabilities because it gives the attacker the ability to run almost any code on the hacked site. While it\’s interesting that attackers have taken this one step further, protecting their malicious files they\’ve written to the compromised sites, the end result is still the same: the site is compromised, and the attacker was successful exploiting a flaw that has a released fix. It’s another strong reminder to keep software up to date and patched in a timely fashion to avoid getting exploited by known vulnerabilities.

Last edited 2 years ago by Timothy Chiu
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x