
File Manager Plugin in WordPress Contains a Remote Code Execution Vulnerability


WordPress’ popular plugin File Manager (versions 6.0-6.8) contains a vulnerability that allows an attacker to upload files and execute commands. Indicators of compromise include filenames such as “hardfork.php”, “hardfind.php” and “x.php”.

The root of this problem is the file connector.minimal.php, which, because of a recent name change, can be executed directly, allowing the upload of malicious files to affected web servers. You can mitigate this vulnerability by updating to version 6.9.
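A triage sketch for the indicators and version range named above. It is an added example, not code from the plugin or from the original article. It assumes the plugin's version is declared in a standard WordPress plugin header (`Plugin Name:` / `Version:`) in a PHP file at or above the connector's directory; the function names are hypothetical.

```python
import os
import re
import sys

# Filenames and the affected range (6.0-6.8, fixed in 6.9) come from the advisory.
IOC_FILENAMES = {"hardfork.php", "hardfind.php", "x.php"}
CONNECTOR = "connector.minimal.php"
VERSION_RE = re.compile(r"^[ \t*#/]*Version:\s*(\d+(?:\.\d+)*)", re.M | re.I)

def parse_version(header_text):
    """Return the plugin header version as a tuple of ints, or None."""
    m = VERSION_RE.search(header_text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_affected(version):
    """True for 6.0 through 6.8; a bare '6' is padded to 6.0."""
    return (6, 0) <= (version + (0,))[:2] <= (6, 8)

def find_plugin_version(start_dir, root):
    """Walk up from start_dir to root looking for a plugin header file."""
    d, root = os.path.abspath(start_dir), os.path.abspath(root)
    while True:
        for name in sorted(os.listdir(d)):
            path = os.path.join(d, name)
            if name.endswith(".php") and os.path.isfile(path):
                with open(path, "r", errors="replace") as fh:
                    head = fh.read(8192)  # headers sit at the top of the file
                if "Plugin Name:" in head:
                    return parse_version(head)
        if d == root or os.path.dirname(d) == d:
            return None
        d = os.path.dirname(d)

def scan(root):
    """Filename hits are leads, not proof; unknown versions are reported too."""
    findings = {"ioc_files": [], "connectors_to_review": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() in IOC_FILENAMES:
                findings["ioc_files"].append(path)
            elif name == CONNECTOR:
                version = find_plugin_version(dirpath, root)
                if version is None or is_affected(version):
                    findings["connectors_to_review"].append((path, version))
    return findings

if __name__ == "__main__":
    print(scan(sys.argv[1] if len(sys.argv) > 1 else "."))
```

Run it with the WordPress document root as the only argument. A generic name such as `x.php` can match legitimate files, so confirm each hit by inspecting the file and the web server's access logs.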

Source: Portswigger


Risk Crew