{"id":28192,"date":"2020-09-02T06:52:17","date_gmt":"2020-09-02T06:52:17","guid":{"rendered":"https:\/\/hosting.nl\/blog\/hackers-exploit-critical-zero-day-leak-affecting-more-than-350000-websites\/"},"modified":"2020-09-02T06:52:17","modified_gmt":"2020-09-02T06:52:17","slug":"hackers-exploit-critical-zero-day-leak-affecting-more-than-350000-websites","status":"publish","type":"post","link":"https:\/\/hosting.nl\/en\/blog\/hackers-exploit-critical-zero-day-leak-affecting-more-than-350000-websites\/","title":{"rendered":"Hackers exploit critical “zero day” leak affecting more than 350,000 websites"},"content":{"rendered":"

The leak is in the plugin wp-file-manager<\/a> and is present in versions 6.0 through 6.8 and affects about 50% of the users<\/a> of this plugin.<\/p>\n

<\/p>\n

Last update: 02-09 at 10.01<\/em><\/p>\n

Hackers are actively exploiting a leak that allows them to execute commands and upload rogue files to any website with a vulnerable version of the wp-file-manager plugin. The vulnerability was fixed<\/a> by the plugin’s developers last night and has since been actively abused on older versions.<\/p>\n

\n

Oh crap!!! The WP File Manager vulnerability is SERIOUS. Its spreading fast and I’m seeing hundreds of sites getting infected. Malware is being uploaded to \/wp-content\/plugins\/wp-file-manager\/lib\/files #WordPress<\/a> #WordPressMalware<\/a> #Malware<\/a> #webhosting<\/a> #wordpresssecurity<\/a><\/p>\n

– S.Aguilar (@RipeR81) September 2, 2020<\/a><\/p><\/blockquote>\n