Millions of WordPress websites were targeted this week by hackers when the famous WordPress plugin ‘File Manager‘ discovers a zero-day flaw. Plugin bug leads to the monitoring and attack on millions of WordPress websites.
The plugin, deployed on more than 700,000 websites, allowed the attacker to gain control of the user site by uploading an image file-dressing web shell to the server of the user. How hackers found out about the zero-day flaw, but the File Manager developers reacted rapidly and produced a fix for zero-day attacks and published it.
It is uncertain how hackers found the zero-day, but they started researching the locations this plugin might be placed before the beginning of this week.
If an attack was successful, the attackers would take advantage of the zero-day and upload a web shell hidden inside an image file on the server of the victim. The attackers would then penetrate the browser shell and monitor the victim’s domain, which they then grab in a botnet.
Plugin bug leads to the monitoring and attack on millions of WordPress websites
“Attacks against this vulnerability have risen dramatically over the last few days,” said Ram Gall, Threat Analyst at Defiant.
The attacks began slowly, but escalated over the week, with one million WordPress websites being targeted by Defiant only on Friday, Sept. 4. In general, Defiant estimates that since September 1 threats were first detected, Defiant has blocked threats on over 1,7 million sites.
The positive news is that on the same day that it heard of the threats, the File Manager development team developed and released a fix. Some site owners have a patch installed, while some remain behind, as normal.
This slow patching process has recently prompted the development team of WordPress to provide an auto-update feature for themes and plugins of WordPress. The site owners will set up plugins and themes to auto-download any time a new version has been introduced, beginning with WordPress 5.5, published last month, and still keep their pages secure from attacks.