If you are using the File Manager plugin for WordPress and haven’t updated to the version released on September 1st, 2020, your WordPress installation is at risk from hackers exploiting a vulnerability that allows them to execute commands and malicious scripts. This security flaw in the File Manager was in versions ranging from 6.0 to 6.8.

Within hours of this announced on September 1st, reports of attacks on vulnerable installations were taking place, and with 52% of the approximate 700,000 sites using this still vulnerable, there are a lot of sites out there that are not up to date.

NinTechnet, a website security firm in Bangkok, Thailand was among the first to report attacks in the wild. In email, NinTechNet CEO Jerome Bruandet wrote:

“It’s a bit too early to know the impact because when we caught the attack, hackers were just trying to backdoor websites. However, one interesting thing we noticed is that attackers were injecting some code to password-protect the access to the vulnerable file (connector.minimal.php) so that other groups of hackers could not exploit the vulnerability on the sites that were already infected.”

“All commands can be run in the /lib/files folder (create folders, delete files etc), but the most important issue is that they can upload PHP scripts into that folder too, and then run them and do whatever they want to the blog.”

“So far, they are uploading “FilesMan”, another file manager often used by hackers. This one is heavily obfuscated. In the next few hours and days we’ll see exactly what they will do, because if they password-protected the vulnerable file to prevent other hackers to exploit the vulnerability it is likely they are expecting to come back to visit the infected sites.”

How is this attack being performed?

The attackers are using the exploit to upload files that contain webshells hidden in an image. This then provides them an easy interface to run commands in the plugins/wp-file-manager/lib/files/ directory where the plugin resides. While the restriction prevents hackers from executing commands outside of this specific directory, this could be used as a back door in by uploading scripts that can carry out actions outside of this directory on other parts of a vulnerable site.

How have we helped our clients

After we became aware of this, we had scanned our network and for all Managed WordPress clients we have taken the necessary steps to update the File Manager plugin.

For those that are not using our Managed WordPress services, please ensure you check if your application has been updated, and if not, ensure it’s updated.

Whether you are a current client of ours or not and you have been compromised by this or any other vulnerability, we offer a comprehensive Compromised Site Repair services for WordPress, and all common Content Management Systems.

Wordpress Hosting

Experience the difference with the fastest WordPress hosting platform.

Elastic Hosting

A flexible managed hosting solution that will grow with you and your needs grow.

Cloud Servers

Your dedicated cloud servers that are managed by us or managed by you.

Made InCanada
Made by Canadians,
for Canadians

Never worry about compliance again. Our servers are hosted directly on Canadian soil, and support is given by a 100% Canadian team.

We Start,
Where Others Stop.

If you've been burned by terrible hosting services before, we get you. We want every client to feel important and fully taken care of, and we'll spend the time it takes to solve any problem that arises.

Trusted by Clients Across All Industries

Don't take our word for it - let our happy clients do the talking. See More

Full Host did an amazing job of migrating my site seamlessly onto their server. My only regret was not switching my site over to them sooner. Now it is performing great, images are uploading way faster than ever before.

" Vancouver Sofa and Patio - Jerry Schmidt

Two thumbs up for Fullhost! Agents reply to me fairly quickly or at least let me know they received the ticket and are looking into it. Kudos to the support team as they have always given me exactly what I need without delays.

" Universal Staffing Inc. - Anthony Calvano

FullHost is an absolute pleasure to work with, and their customer service is exceptional. Whenever I have questions or need adjustments, they are there to help, quickly, efficiently, with answers and insights.

" Mooseworld Inc. Norine Leibel

With coast to coast coverage,
We help you serve the world.

Whether your audience is located in Europe, Asia, Africa, or Australia, provide them with lightening speed!

FullHost's data centers are located in Toronto and Vancouver to ensure worldwide quality and speed.

Get in Touch
We Trust Only The Best Tech to Support You

FullHost operates with the most innovative technology to bring you unparalleled levels of hosting services.