Sign In

Communications of the ACM

ACM TechNews

Millions of WordPress Sites Are Being Probed, Attacked With Recent Plugin Bug


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
A WordPress logo.

Millions of WordPress sites have been attacked by hackers exploiting a zero-day vulnerability in the "File Manager" WordPress plugin, according to Defiant Inc.

Credit: WordPress.org

Defiant Inc., which produces the Wordfence Web firewall, reported that millions of WordPress sites have been attacked by hackers exploiting a zero-day vulnerability in the "File Manager" WordPress plugin.

The zero-day vulnerability enables attackers to upload malicious files on a site running an older version of the plugin.

Defiant's Ram Gall said the firm had blocked attacks against more than 1.7 million sites since the attacks were first detected on Sept. 1.

However, given that WordPress is installed on hundreds of millions of sites, Gall said the true scale of the attacks likely is much larger.

The File Manager developer team has created and released a patch for the zero-day vulnerability.

From ZDNet
View Full Article

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account
ACM Resources