September 10, 2020 By Sergiu Gatlan
Attackers who are actively exploiting a critical remote code execution flaw affecting over 600,000 of WordPress sites running vulnerable File Manager plugin versions have also been seen protecting the sites they compromise from other threat actors' attacks.
The critical vulnerability allows unauthenticated attackers to upload malicious PHP files and execute arbitrary code following successful exploitation [1, 2, 3]. File Manager's dev team addressed the flaw with the release of File Manager 6.9.
Even though the flaw was patched within hours after the devs were informed by Seravo's on-call security officer Ville Korhonen who discovered the zero-day flaw and the ongoing attacks trying to exploit it, researchers with WordPress security firm Defiant spotted more than 1.7 million sites being probed by threat actors between September 1st and September 3rd.
