Tuesday, September 1, 2020

Hackers are exploiting a critical flaw affecting >350,000 WordPress sites

WordPress logos in various colors.

Enlarge (credit: StickerGiant / Flickr)

Hackers are actively exploiting a vulnerability that allows them to execute commands and malicious scripts on Websites running File Manager, a WordPress plugin with more than 700,000 active installations, researchers said on Tuesday. Word of the attacks came a few hours after the security flaw was patched.

Attackers are using the exploit to upload files that contain webshells that are hidden in an image. From there, they have a convenient interface that allows them to run commands in plugins/wp-file-manager/lib/files/, the directory where the File Manager plugin resides. While that restriction prevents hackers from executing commands on files outside of the directory, hackers may be able to exact more damage by uploading scripts that can carry out actions on other parts of a vulnerable site.

NinTechNet, a website security firm in Bangkok, Thailand, was among the first to report the in-the-wild attacks. The post said that a hacker was exploiting the vulnerability to upload a script titled hardfork.php and then using it to inject code into the WordPress scripts /wp-admin/admin-ajax.php and /wp-includes/user.php.

Read 8 remaining paragraphs | Comments

https://arstechnica.com

No comments:

Post a Comment

Arizona's Maricopa County is set to have the second largest concentration of US data centers by 2028, as the state races to increase electricity production (Pranshu Verma/Washington Post)

Pranshu Verma / Washington Post : Arizona's Maricopa County is set to have the second largest concentration of US data centers by 202...