File Manager Plugin in WordPress Contains a Remote Code Execution Vulnerability

WP plugin vulnerability

The popular WordPress plugin File Manager (versions 6.0-6.8) contains a vulnerability that allows an attacker to upload files and execute commands. Indicators of compromise include filenames such as “hardfork.php”, “hardfind.php” and “x.php”.

The root cause is connector.minimal.php: following a recent name change, the file executes directly, which allows malicious files to be uploaded to affected web servers. You can mitigate this vulnerability by updating to version 6.9.
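As an added example (not code from Risk Crew, Portswigger or the File Manager plugin), the script below turns the two facts in this advisory into a defender's triage check: it parses the plugin's `Version:` header to see whether the install falls in the affected 6.0-6.8 range, and walks the plugin directory for the named indicator filenames. The main plugin filename (`plugin.php`) and the directory layout used here are assumptions, and the compromised-looking install it scans is constructed sample data, so it runs offline.

```python
import os
import re
import tempfile
from pathlib import Path

# Indicator-of-compromise filenames named in the advisory (dropped web shells).
IOC_FILENAMES = {"hardfork.php", "hardfind.php", "x.php"}

# Affected range and fixed release as reported in the advisory.
VULNERABLE_MIN = (6, 0)
VULNERABLE_MAX = (6, 8)
FIXED_VERSION = (6, 9)

# Matches the 'Version:' field of a WordPress plugin header comment block.
HEADER_RE = re.compile(r"^\s*\*?\s*Version:\s*([0-9][0-9.]*)", re.MULTILINE | re.IGNORECASE)


def parse_version(header_text: str):
    """Return the plugin version as a tuple of ints, or None if no header is found."""
    m = HEADER_RE.search(header_text)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).strip(".").split("."))


def is_vulnerable_version(version) -> bool:
    """True if the (major, minor) version lies inside the affected 6.0-6.8 range."""
    if version is None:
        return False
    major_minor = (version + (0, 0))[:2]
    return VULNERABLE_MIN <= major_minor <= VULNERABLE_MAX


def find_iocs(plugin_dir: str):
    """Walk the plugin directory and return relative paths whose basename is a known IoC."""
    hits = []
    for root, _dirs, files in os.walk(plugin_dir):
        for name in files:
            if name.lower() in IOC_FILENAMES:
                hits.append(os.path.relpath(os.path.join(root, name), plugin_dir))
    return sorted(hits)


def assess_plugin(plugin_dir: str, main_file: str) -> dict:
    """Combine the version check and the IoC scan into one verdict dictionary."""
    header = Path(plugin_dir, main_file).read_text(encoding="utf-8", errors="replace")
    version = parse_version(header)
    return {
        "version": version,
        "vulnerable_version": is_vulnerable_version(version),
        "iocs": find_iocs(plugin_dir),
    }


def build_sample_install() -> str:
    """Constructed sample data: a throwaway directory mimicking a compromised 6.8 install."""
    base = tempfile.mkdtemp(prefix="wp-file-manager-")
    # Hypothetical main plugin file name; real installs may differ.
    Path(base, "plugin.php").write_text("<?php\n/*\nPlugin Name: File Manager\nVersion: 6.8\n*/\n")
    lib = Path(base, "lib", "php")
    lib.mkdir(parents=True)
    (lib / "connector.minimal.php").write_text("<?php // placeholder\n")
    (lib / "hardfork.php").write_text("<?php // placeholder, stands in for a dropped file\n")
    return base


if __name__ == "__main__":
    sample = build_sample_install()
    print(assess_plugin(sample, "plugin.php"))
```

Point `assess_plugin` at a real `wp-content/plugins/<file-manager-dir>` and its main plugin file; a vulnerable version with no IoC hits still needs the 6.9 update, while any IoC hit on any version warrants an incident-response look at the host regardless of the version check.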

Source: Portswigger

Risk Crew