File Manager Plugin in WordPress Contains a Remote Code Execution Vulnerability

WordPress’ popular plugin File Manager (versions 6.0-6.8) contains a vulnerability that allows an attacker to upload files and execute commands. Indicators of compromise include filenames such as “hardfork.php”, “hardfind.php” and “x.php”.

The root of this problem is connector.minimal.php, which is due to a recent name change and executes directly — allowing the upload of malicious files on affected webservers. You can mitigate this vulnerability by updating to version 6.9.

Source: Portswigger

Risk Crew

Next How to Optimise Your Security Penetration Testing | VIDEO »

Previous « Why Minimising Your Attack Surface is Crucial

Published by

Risk Crew

Tags: Wordpress

5 years ago

ISO 42001: Key Insights You Need to Know

Introducing ISO 42001 – the world’s first international management system standard focused specifically on AI.…

2 months ago

ISO 27001 Requirements | Your Roadmap to Compliance

Blog

ISO 27001 Requirements | Your Roadmap to Compliance

Data breaches and cyberattacks have become daily concerns for information security professionals and business leaders.…

2 months ago

Discovery Session

DORA | DISCOVERY SESSION

3 months ago

Blog

DORA Compliance Checklist | GUIDE

3 months ago

Guide

Essential Red Team KPIs & Metrics | GUIDE

4 months ago

Penetration Testing blog

How to Get Ready for a Penetration Test

It is an undeniable fact that all applications and infrastructures are essentially in need of…