WordPress websites attacked via File Manager plugin vulnerability

Websites are being hijacked by hackers exploiting plugin vulnerability
Hackers password-protect compromised sites to keep out rival attackers
At-risk websites advised to update WordPress File Manager plugin immediately.

Hackers are exploiting a critical vulnerability that may be affecting hundreds of thousands of websites running WordPress.


The vulnerability lies in versions of the popular third-party plugin WordPress File Manager, which has been installed on over 700,000 websites.


WordPress File Manager bills itself as a tool to make it simple for webmasters to upload, edit, archive, and delete files and folders on their website’s backend.


But hackers have found a way to exploit version 6.8 and below of WordPress File Manager to inject malicious code into websites without authorisation, creating backdoors for future abuse.
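A defender's first step is confirming whether the installed plugin version falls in the affected range (6.8 and below). The following is an added example, not code from the article or from the plugin's authors: it parses the standard "Version:" line of a WordPress plugin header and compares versions numerically, since a plain string comparison would wrongly rank "6.10" below "6.8". The sample header is constructed; the slug and file path you would read from under wp-content/plugins are assumptions.

```python
import re
from typing import Optional, Tuple

# Highest version the article reports as exploitable.
LAST_VULNERABLE = "6.8"

# Constructed sample of a WordPress plugin main-file header (not the real
# plugin's file). In practice, read wp-content/plugins/<slug>/<main>.php,
# where <slug> is an assumed path.
SAMPLE_PLUGIN_HEADER = """<?php
/*
Plugin Name: File Manager
Plugin URI: https://example.invalid/
Description: File manager plugin (constructed sample)
Version: 6.10
Author: example
*/
"""

def parse_version(header_text: str) -> Optional[str]:
    """Return the 'Version:' value from a WordPress plugin header, or None."""
    m = re.search(r"^\s*\*?\s*Version:\s*([0-9][0-9.]*)\s*$",
                  header_text, re.MULTILINE)
    return m.group(1) if m else None

def version_tuple(v: str) -> Tuple[int, ...]:
    """Turn '6.10' into (6, 10) so comparison is numeric, not lexical."""
    return tuple(int(p) for p in v.strip(".").split(".") if p)

def is_vulnerable(version: str, last_vulnerable: str = LAST_VULNERABLE) -> bool:
    """True when version <= last_vulnerable, compared component-wise."""
    return version_tuple(version) <= version_tuple(last_vulnerable)

def check_plugin(header_text: str) -> str:
    """Human-readable verdict for one plugin header."""
    ver = parse_version(header_text)
    if ver is None:
        return "unknown: no Version header found"
    verdict = "VULNERABLE, update now" if is_vulnerable(ver) else "not in affected range"
    return f"{ver}: {verdict}"

if __name__ == "__main__":
    print(check_plugin(SAMPLE_PLUGIN_HEADER))
```

On a host with WP-CLI, `wp plugin list` reports installed plugin versions directly; the header parse above is for environments where only the files are available.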


As security researchers at NinTechNet describe, one interesting aspect of the attack is that the hackers are injecting code into the websites they compromise to password-protect access via the flaw – thus preventing other hacking groups from exploiting the same vulnerability.


WordPress security firm Wordfence says that it has blocked over 450,000 exploit attempts in the last several days.


In a blog post, Wordfence’s Chloe Chamberland describes the potential impact of an attack:



“A file manager plugin like this would make it possible for an attacker to manipulate or upload any files of their choosing directly from the WordPress dashboard, potentially allowing them to escalate privileges once in the site’s admin area.”

“For example, an attacker could gain access to the admin area of the site using a compromised password, then access this plugin and upload a webshell to do further enumeration of the server and potentially es ..
