Security expert re: 600,000 WordPress sites attacked due to critical vulnerability (RCE flaw)

More than 600,000 WordPress sites running vulnerable File Manager plugin versions are being attacked due to a critical remote code execution flaw,  and the attackers have also been seen protecting the sites they compromised from other bad actors’ attacks.

Experts Comments

September 11, 2020
Timothy Chiu
Vice President of Marketing
K2 Cyber Security
This latest critical vulnerability in a WordPress plugin, a remote code execution flaw, is one of the most dangerous vulnerabilities because it gives the attacker the ability to run almost any code on the hacked site. While it's interesting that attackers have taken this one step further, protecting their malicious files they've written to the compromised sites, the end result is still the same: the site is compromised, and the attacker was successful exploiting a flaw that has a released fix. .....Read More
This latest critical vulnerability in a WordPress plugin, a remote code execution flaw, is one of the most dangerous vulnerabilities because it gives the attacker the ability to run almost any code on the hacked site. While it's interesting that attackers have taken this one step further, protecting their malicious files they've written to the compromised sites, the end result is still the same: the site is compromised, and the attacker was successful exploiting a flaw that has a released fix. It’s another strong reminder to keep software up to date and patched in a timely fashion to avoid getting exploited by known vulnerabilities.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.