WordPress Plug-in Has Critical Zero-Day

  /     /     /  
Publicated : 23/11/2024   Category : security


WordPress Plug-in Has Critical Zero-Day


The vulnerability in WordPress File Manager could allow a malicious actor to take over the victims website.



A popular plug-in for WordPress is the subject of a zero-day vulnerability that may expose more than 700,000 sites to malicious exploit. The WordPress File Manager plug-in is generally used to allow website users to upload image files, but a flaw in the plug-ins file type checking could allow a user to upload a file with an embedded web shell. That web shell could then be used to launch a site takeover against the victim.
According to researchers at WordFence — who found the vulnerability — the vulnerability exists in File Manager version 6.0 through 6.8. The plug-ins developers have released an updated version, 6.9, with the vulnerability patched, though they estimate that more than 261,000 websites are still running vulnerable software.
For more, read
here
and
here
.

Last News

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
WordPress Plug-in Has Critical Zero-Day