Security expert re: 600,000 WordPress sites attacked due to critical vulnerability (RCE flaw)

By   ISBuzz Staff
Editorial Team , Information Security Buzz | Sep 11, 2020 02:23 am PST

More than 600,000 WordPress sites running vulnerable File Manager plugin versions are being attacked due to a critical remote code execution flaw,  and the attackers have also been seen protecting the sites they compromised from other bad actors’ attacks.

Subscribe
Notify of
guest
1 Expert Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Timothy Chiu
Timothy Chiu , Vice President of Marketing
InfoSec Expert
September 11, 2020 10:29 am

This latest critical vulnerability in a WordPress plugin, a remote code execution flaw, is one of the most dangerous vulnerabilities because it gives the attacker the ability to run almost any code on the hacked site. While it\’s interesting that attackers have taken this one step further, protecting their malicious files they\’ve written to the compromised sites, the end result is still the same: the site is compromised, and the attacker was successful exploiting a flaw that has a released fix. It’s another strong reminder to keep software up to date and patched in a timely fashion to avoid getting exploited by known vulnerabilities.

Last edited 2 years ago by Timothy Chiu

Recent Posts

1
0
Would love your thoughts, please comment.x
()
x