WordPress Plug-in Has Critical Zero-Day

The vulnerability in WordPress File Manager could allow a malicious actor to take over the victims website.

A popular plug-in for WordPress is the subject of a zero-day vulnerability that may expose more than 700,000 sites to malicious exploit. The WordPress File Manager plug-in is generally used to allow website users to upload image files, but a flaw in the plug-ins file type checking could allow a user to upload a file with an embedded web shell. That web shell could then be used to launch a site takeover against the victim.
According to researchers at WordFence — who found the vulnerability — the vulnerability exists in File Manager version 6.0 through 6.8. The plug-ins developers have released an updated version, 6.9, with the vulnerability patched, though they estimate that more than 261,000 websites are still running vulnerable software.
For more, read
here
and
here
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
WordPress Plug-in Has Critical Zero-Day