Posted on September 3, 2020

Critical WordPress flaw using File Manager affecting 350,000 sites

If you are using the File Manager plugin for WordPress and haven’t updated to the version released on September 1st, 2020, your WordPress installation is at risk from hackers exploiting a vulnerability that allows them to execute commands and malicious scripts. This security flaw was present in File Manager versions 6.0 through 6.8.

Within hours of this being announced on September 1st, reports of attacks on vulnerable installations were coming in, and with 52% of the approximately 700,000 sites using the plugin still vulnerable, a great many sites are not yet up to date.

NinTechNet, a website security firm in Bangkok, Thailand, was among the first to report attacks in the wild. In an email, NinTechNet CEO Jerome Bruandet wrote:

“It’s a bit too early to know the impact because when we caught the attack, hackers were just trying to backdoor websites. However, one interesting thing we noticed is that attackers were injecting some code to password-protect the access to the vulnerable file (connector.minimal.php) so that other groups of hackers could not exploit the vulnerability on the sites that were already infected.”

“All commands can be run in the /lib/files folder (create folders, delete files etc.), but the most important issue is that they can upload PHP scripts into that folder too, and then run them and do whatever they want to the blog.”

“So far, they are uploading ‘FilesMan’, another file manager often used by hackers. This one is heavily obfuscated. In the next few hours and days we’ll see exactly what they will do, because if they password-protected the vulnerable file to prevent other hackers from exploiting the vulnerability, it is likely they are expecting to come back to visit the infected sites.”

How is this attack being performed?

The attackers are using the exploit to upload files that contain webshells hidden inside an image. This then provides them with an easy interface to run commands in the plugins/wp-file-manager/lib/files/ directory where the plugin resides. While this restriction prevents hackers from executing commands outside of that specific directory, it can still serve as a back door: a script uploaded there can be run to carry out actions on other parts of a vulnerable site.

How have we helped our clients

After we became aware of this, we scanned our network and, for all Managed WordPress clients, took the necessary steps to update the File Manager plugin.

For those who are not using our Managed WordPress services, please check whether your plugin has been updated, and if it has not, update it now.
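The two things a site owner can check on their own, from the attack description above and the update advice in this section, are whether the installed File Manager version falls inside the 6.0 to 6.8 range and whether anything executable has landed in the plugin's lib/files directory (including PHP code hidden inside an image file, which is the upload pattern described above). The triage script below is an added example written for this article; it is not FullHost's tooling nor part of the File Manager plugin. It assumes the plugin's main file carries a standard WordPress `Version:` header (the file name `file_folder_manager.php` used in the constructed fixture is an assumption), and its detection heuristics (PHP open tag inside a file with an image signature or image extension, or a bare PHP file in the upload folder) are this example's own, not the plugin's or the researchers'. The sample plugin tree it builds is constructed for the demo and contains placeholder comments, not real payloads.

```python
import re
import tempfile
from pathlib import Path

# Affected range as stated in the post: File Manager 6.0 through 6.8 (major.minor).
AFFECTED_MIN = (6, 0)
AFFECTED_MAX = (6, 8)

# Directory the post names as the attackers' working area, relative to the plugin root.
UPLOAD_DIR = Path("lib") / "files"

PHP_OPEN_TAG = re.compile(rb"<\?(?:php\b|=)", re.IGNORECASE)
IMAGE_MAGIC = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n", b"GIF87a", b"GIF89a")
IMAGE_SUFFIXES = {".jpg", ".jpeg", ".png", ".gif"}
PHP_SUFFIXES = {".php", ".phtml", ".php5", ".php7", ".phar"}


def parse_plugin_version(header_text):
    """Extract the 'Version:' field of a WordPress plugin header as a tuple of ints."""
    m = re.search(r"^\s*\*?\s*Version:\s*([0-9]+(?:\.[0-9]+)*)", header_text, re.MULTILINE)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def version_is_affected(version):
    """True when major.minor lies inside the post's 6.0-6.8 range; unknown counts as affected."""
    if version is None:
        return True
    major_minor = (tuple(version) + (0, 0))[:2]
    return AFFECTED_MIN <= major_minor <= AFFECTED_MAX


def classify_upload(path):
    """Heuristic label for one file under lib/files, or None if it looks benign."""
    data = path.read_bytes()
    has_php = PHP_OPEN_TAG.search(data) is not None
    image_header = data.startswith(IMAGE_MAGIC)
    suffix = path.suffix.lower()
    if has_php and image_header:
        return "php-in-image"              # polyglot: genuine image header, PHP body
    if has_php and suffix in IMAGE_SUFFIXES:
        return "php-with-image-extension"  # PHP code carrying an image file name
    if suffix in PHP_SUFFIXES or has_php:
        return "php-script-in-upload-dir"  # a script where only user files belong
    return None


def find_plugin_version(plugin_dir):
    """Read the Version header from the first top-level .php file that has one."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        version = parse_plugin_version(php.read_text(errors="replace"))
        if version:
            return version
    return None


def scan_upload_dir(plugin_dir):
    """Walk lib/files and return (relative path, label) for every suspicious file."""
    plugin_dir = Path(plugin_dir)
    upload_dir = plugin_dir / UPLOAD_DIR
    findings = []
    if upload_dir.is_dir():
        for path in sorted(upload_dir.rglob("*")):
            if path.is_file():
                label = classify_upload(path)
                if label:
                    findings.append((path.relative_to(plugin_dir).as_posix(), label))
    return findings


def triage_plugin(plugin_dir):
    """Combine the version check and the upload-directory scan into one report."""
    version = find_plugin_version(plugin_dir)
    return {
        "version": version,
        "affected": version_is_affected(version),
        "findings": scan_upload_dir(plugin_dir),
    }


def build_sample_tree(root):
    """Constructed fixture, not data from a real site: an unpatched plugin with a clean
    image, a JPEG/PHP polyglot and a bare PHP file in lib/files. The 'payloads' are
    placeholder comments. The main file name is an assumption for the demo."""
    plugin = Path(root) / "wp-file-manager"
    files = plugin / UPLOAD_DIR
    files.mkdir(parents=True)
    (plugin / "file_folder_manager.php").write_text(
        "<?php\n/*\nPlugin Name: File Manager\nVersion: 6.8\n*/\n")
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 32
    (files / "logo.jpg").write_bytes(jpeg)
    (files / "photo.jpg").write_bytes(jpeg + b"<?php /* placeholder */ ?>")
    (files / "x.php").write_text("<?php /* placeholder */ ?>")
    return plugin


def run_demo():
    """Build the fixture in a temporary directory, triage it and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        return triage_plugin(build_sample_tree(tmp))


if __name__ == "__main__":
    report = run_demo()
    print("version:", report["version"], "affected:", report["affected"])
    for rel, label in report["findings"]:
        print(f"{label:28} {rel}")
```

Point `triage_plugin()` at a real `wp-content/plugins/wp-file-manager` directory to run it on a site. A hit on `php-in-image` or `php-script-in-upload-dir` means the folder should be treated as compromised rather than simply cleaned, since the scripts found there can have acted on the rest of the site. The script does not check whether connector.minimal.php itself was altered (the password-protection injection the researchers quoted above describe); comparing the whole plugin directory against a freshly downloaded copy of the same version covers that case.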

Whether you are a current client of ours or not, if you have been compromised by this or any other vulnerability, we offer a comprehensive Compromised Site Repair service for WordPress and all common Content Management Systems.
