Hackers Attack Vulnerability Affecting Over 350,000 WordPress Sites

Tom Grant
Last updated: 10 October

A dangerous vulnerability has been discovered in the File Manager plugin, which is used by more than 700,000 WordPress-based sites, that allows the execution of commands and malicious scripts on vulnerable installations. Just a few hours after the bug was disclosed, experts from the Thai company NinTechNet reported the first attacks exploiting it.

The crux of the problem is that the plugin bundles elFinder, an open source file-manager library that provides the plugin's core functionality as well as its user interface. The vulnerability arises from the way elFinder is integrated in this case: in File Manager, the extension of the library's connector.minimal.php.dist file was changed to .php so that it can be executed directly, even though the connector file is not used by the file manager itself. Such libraries often ship sample files that are not intended to be used out of the box without access control being configured first. As a result, this file has no direct access restrictions, which means that anyone can reach it.

NinTechNet researchers write that attackers use an exploit to upload image files containing hidden web shells to websites. As a result, attackers gain a convenient interface that allows them to run commands in the plugins/wp-file-manager/lib/files/ directory, where the File Manager plugin is located. Although the flaw does not let them execute commands outside that directory, attackers can still do a lot of damage by uploading scripts to the vulnerable site that are capable of acting on other parts of the site.

According to NinTechNet, hackers are currently using the bug to upload the hardfork.php script to websites and then use it to inject code into the scripts /wp-admin/admin-ajax.php and /wp-includes/user.php.

At the same time, it is noted that the attackers seek to protect the vulnerable file (connector.minimal.php) with a password so that other hacking groups cannot exploit the vulnerability on already infected sites.


“In the next few hours or days, we will see exactly what they will do next. After all, if they protect a vulnerable file with a password to prevent other hackers from exploiting the vulnerability, they are probably going to return and visit the infected resources again,” NinTechNet experts say.

Experts from the information security company Wordfence have already published their own report on this wave of attacks. Over the past few days, the company has blocked more than 450,000 attempts to exploit this vulnerability. The researchers write that attackers are trying to plant various files on websites. In some cases these files were empty (evidently the hackers were only testing the vulnerability); other malicious files were named hardfork.php, hardfind.php and x.php.
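As an added defender-side example (this is not code from the article, NinTechNet or Wordfence), the following Python script audits a WordPress directory tree for the conditions described above: a directly executable connector.minimal.php, PHP files or the reported file names (hardfork.php, hardfind.php, x.php) in the plugin's lib/files/ upload directory, and image files that carry an embedded PHP tag (the "hidden web shell in an image" pattern). The connector location under lib/php/ is an assumption about the plugin layout, since the article only names lib/files/; the sample tree the script builds for its demo is constructed data.

```python
"""Read-only audit of a WordPress tree for the wp-file-manager exposure.

Added example, not part of the original article. Paths under the plugin
directory are assumptions about the plugin layout except lib/files/,
which the article names as the directory the attackers write into.
"""
from __future__ import annotations

import re
import sys
import tempfile
from pathlib import Path

PLUGIN_DIR = Path("wp-content/plugins/wp-file-manager")
# Assumed location of the renamed elFinder connector (the .dist sample
# would not be executed by the web server; the .php copy is).
CONNECTOR = PLUGIN_DIR / "lib" / "php" / "connector.minimal.php"
UPLOAD_DIR = PLUGIN_DIR / "lib" / "files"          # named in the article

# File names the article reports from the observed attacks.
KNOWN_DROPPED_NAMES = {"hardfork.php", "hardfind.php", "x.php"}
PHP_SUFFIXES = {".php", ".phtml", ".phar"}
IMAGE_SUFFIXES = {".jpg", ".jpeg", ".png", ".gif"}
# A PHP open tag inside an image file is a strong sign of a hidden script.
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)


def audit_file_manager(wp_root: Path) -> dict:
    """Return a findings dict for the WordPress tree rooted at wp_root."""
    findings = {
        "connector_exposed": False,
        "php_in_upload_dir": [],
        "known_dropped_names": [],
        "images_with_php": [],
    }
    findings["connector_exposed"] = (wp_root / CONNECTOR).is_file()

    upload_dir = wp_root / UPLOAD_DIR
    if upload_dir.is_dir():
        for path in sorted(upload_dir.rglob("*")):   # sorted: stable output
            if not path.is_file():
                continue
            rel = path.relative_to(wp_root).as_posix()
            suffix = path.suffix.lower()
            if suffix in PHP_SUFFIXES:
                findings["php_in_upload_dir"].append(rel)
            if path.name in KNOWN_DROPPED_NAMES:
                findings["known_dropped_names"].append(rel)
            if suffix in IMAGE_SUFFIXES and PHP_TAG.search(path.read_bytes()):
                findings["images_with_php"].append(rel)
    return findings


def is_compromise_suspected(findings: dict) -> bool:
    """True when anything was found in the upload directory that should not be there."""
    return bool(
        findings["php_in_upload_dir"]
        or findings["known_dropped_names"]
        or findings["images_with_php"]
    )


def build_demo_site(root: Path) -> Path:
    """Construct a small fake WordPress tree (constructed sample data, not a real site)."""
    (root / CONNECTOR).parent.mkdir(parents=True, exist_ok=True)
    (root / CONNECTOR).write_text("<?php // sample connector renamed from .dist\n")
    upload = root / UPLOAD_DIR
    upload.mkdir(parents=True, exist_ok=True)
    (upload / "notes.txt").write_text("harmless upload\n")
    (upload / "logo.png").write_bytes(b"\x89PNG\r\n\x1a\n...image data...")
    # Image header followed by a PHP tag: the hidden-script pattern.
    (upload / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0JFIF <?php /* placeholder */ ?>")
    (upload / "hardfork.php").write_text("<?php // placeholder for a dropped script\n")
    return root


def run_demo() -> dict:
    """Build the constructed sample tree in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_file_manager(build_demo_site(Path(tmp)))


if __name__ == "__main__":
    # Usage: python audit_wp_file_manager.py /path/to/wordpress  (no arg: demo)
    result = audit_file_manager(Path(sys.argv[1])) if len(sys.argv) > 1 else run_demo()
    for key, value in result.items():
        print(f"{key}: {value}")
    print("compromise suspected:", is_compromise_suspected(result))
```

The script only reads the tree, so it can be run from a cron job or a post-deploy check; any hit in the upload directory is a reason to take a forensic copy before cleaning, and a present connector.minimal.php is a reason to restrict access to it at the web-server level or update the plugin.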

“A file manager plugin like this allows attackers to manipulate files and upload new ones of their choice right from the WordPress dashboard. It also potentially allows privilege escalation right away. For example, an attacker can gain access to the site's admin panel using a compromised password, then gain access to a vulnerable plugin and load a web shell in order to perform further actions on the server and develop their attack with another exploit,” writes Wordfence specialist Chloe Chamberland.

The problem has already been fixed in File Manager versions 6.0 to 6.8. Official WordPress statistics show that approximately 52% of plugin installations are currently vulnerable, i.e. about 350,000 sites.



Source: xaker.ru

TAGGED: PoC, Proxy server, Security, WordPress
Tom Grant October 10, 2022 October 31, 2021