The team behind Wordfence, a popular security plugin for WordPress, have reported seeing a large increase in cyber attacks aimed at WordPress-based websites over the last few weeks. This is believed to be due to a vulnerability in another WordPress plugin, File Manager, which has over 700,000 active installations. While the vulnerability only affects those running certain versions of the File Manager plugin, Wordfence reports that cyber attacks are up across the board, as cyber criminals cast a wide net with their attacks.
WordPress is an immensely popular platform that allows users to create websites easily, often with little to no coding skills, and add functionality via plugins. WordPress has been around since 2003, and while it initially gained traction as a blogging platform, it has since gained a much larger audience.
Plugins are the bread and butter of WordPress, allowing users to add advanced functionality without writing complex code from scratch or paying a developer. However, like all software, plugins must be updated regularly to protect against vulnerabilities and prevent devastating zero-day attacks.
WordPress site owners who are using versions 6.0 to 6.8 of the File Manager plugin are advised to update the plugin immediately, as the recently discovered vulnerability allows unauthorised parties (see: cyber criminals) to upload potentially malicious files or execute commands on their target site, with the potential to cause catastrophic damage.
Wordfence, whose security plugin protects WordPress sites against malicious traffic, has said that although the overall percentage of sites running the vulnerable versions of File Manager is low, it has seen a huge increase in bot attacks probing for the weakness.
“Attacks against this vulnerability have risen dramatically over the last few days. Wordfence has recorded attacks against over one million sites today, September 4, 2020. Sites not using this plugin are still being probed by bots looking to identify and exploit vulnerable versions of the File Manager plugin, and we have recorded attacks against 1.7 million sites since the vulnerability was first exploited,” according to Wordfence’s Ram Gall.
“Although Wordfence protects well over three million WordPress sites, this is still only a portion of the WordPress ecosystem. As such, the true scale of these attacks is larger than what we were able to record.”
Incidents such as this, in which criminals rush en masse to take advantage of a vulnerability in a widely used plugin, highlight how important it is to keep your WordPress site as up to date as possible. Plugins that are no longer in use should be disabled to reduce a website's risk.
The latest version (6.9) of the File Manager plugin mitigates this vulnerability, and WordPress site owners are strongly advised to update to it as soon as possible.
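The two checks the article recommends, a File Manager install in the affected 6.0 to 6.8 range and plugins that are installed but no longer in use, can be run over a site's plugin inventory. The script below is an added example, not code from the article, Wordfence or the File Manager project; it assumes the inventory is the JSON emitted by `wp plugin list --format=json`, uses a constructed sample of that output, and assumes the plugin slug is `wp-file-manager`.

```python
# Added example (not from the article, Wordfence or File Manager): audit a
# WordPress plugin inventory for File Manager versions the article names as
# affected (6.0 to 6.8) and for plugins that are installed but inactive.
# Assumes the inventory is the JSON from `wp plugin list --format=json`.
import json

AFFECTED_SLUG = "wp-file-manager"   # assumed slug for the File Manager plugin
AFFECTED_MIN = (6, 0)               # first affected version per the article
AFFECTED_MAX = (6, 8)               # last affected version per the article
FIXED_VERSION = "6.9"               # version the article says mitigates the bug


def parse_version(text):
    """Turn '6.10' into (6, 10) so versions compare numerically, not as strings
    (a plain string compare would wrongly rank '6.10' below '6.9')."""
    parts = []
    for piece in text.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_affected(version):
    """True when major.minor falls inside 6.0..6.8 inclusive; a patch release
    such as 6.8.1 is treated conservatively as affected."""
    v = (parse_version(version) + (0, 0))[:2]
    return AFFECTED_MIN <= v <= AFFECTED_MAX


def audit(plugin_list_json):
    """Return (slug, finding) pairs that need the site owner's attention."""
    findings = []
    for plugin in json.loads(plugin_list_json):
        slug, version, status = plugin["name"], plugin["version"], plugin["status"]
        if slug == AFFECTED_SLUG and is_affected(version):
            findings.append((slug, f"affected version {version}; update to {FIXED_VERSION} or later"))
        elif status == "inactive":
            findings.append((slug, "installed but inactive; remove it if no longer in use"))
    return findings


# Constructed sample in the shape of `wp plugin list --format=json` output.
SAMPLE = json.dumps([
    {"name": "wp-file-manager", "status": "active", "update": "available", "version": "6.7"},
    {"name": "akismet", "status": "inactive", "update": "none", "version": "4.1.6"},
    {"name": "wordfence", "status": "active", "update": "none", "version": "7.4.9"},
])

if __name__ == "__main__":
    for slug, finding in audit(SAMPLE):
        print(f"{slug}: {finding}")
```

On a live site, replace `SAMPLE` with the output of `wp plugin list --format=json` run from the WordPress root.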