WordPress is a huge platform that powers a large number of websites. This service makes it easy for both programmers and non-programmers to develop different websites. With WordPress, there are different kinds of themes, plugins and more. However, since most of these things are created by third-party developers, there are chances that there will be loopholes and vulnerabilities. Over the years, there have been cases of bugs and flaws, which give attackers the chance to exploit WordPress sites. Among the latest flaws is the zero-day bug attached to the File Manager app that is known to give attackers the chance to exploit file managers.
The Zero-Day Vulnerability
A “Zero-Day” vulnerability refers to a newly discovered flaw or bug in a particular system, application or platform. This is exactly the vulnerability that WP file mangers are facing at the moment. Through this, attackers have been exploiting a wide range of WordPress-powered websites. As a result, these hackers have access to the website’s file manager, meaning they can make changes or take complete control of the site from its owner. This is why it is important to be careful when a user wants to install or update a part of their site, especially when it comes to plugins.
How to fix it
The good news is that there is already a fix for this zero-day vulnerability. A patch was developed by the WP File Manager developer team and to protect their site, the site’s owner simply needs to upload the patch. For those who do not know how to do this, they can simply contact the WordPress support team or read the patch’s documentation to find out more. In addition, there is an auto-update in the latest version of WordPress. This means that all that is needed is to update to the latest version and the patch will be installed automatically.
We also recommend running a free WordPress Vulnerability scan at wpsec.com.