Since the WP File Manager plugin is installed on a large number of malware-infected sites, attacks that target vulnerabilities in this plugin may be a current trend.

File Manager Plugin Vulnerability

The File Manager plugin lets you comprehensively view and edit WordPress files from the WordPress administration screen, as if you were accessing them with FTP software.

However, versions 6.9 and below of this plugin have a serious vulnerability with a vulnerability score of 10 (the highest).
https://wp-doctor.jp/blog/vulnerabilities/wp-file-manager-exploit-cve-2020-25213/

A vulnerability score of 10 means a very high-risk vulnerability that meets the following conditions:

The vulnerability can be exploited over the Internet.
No authentication is required for the attack.
Program files can be tampered with or installed.

In other words, an attacker can install as many malicious files on the server as desired over the network, with no preconditions.

How to deal with it

From the WordPress administration screen, go to Plugins > List of Installed Plugins, check whether WP File Manager (slug wp-file-manager) is installed, and make sure the version is not lower than 6.9.

If the version is lower than 6.9, deactivate and delete the plugin, or update it.

Deactivating the plugin alone does not close this vulnerability, so be sure to delete the plugin as well when you deactivate it.
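The same check can be run from the server's file system across many sites at once. The following is an added example, not code from this post or from the plugin: it assumes the standard `wp-content/plugins/<slug>` layout and a `Version:` line in the plugin's header comment, and the function names and sample sites are constructed for illustration.

```python
import re
import sys
import tempfile
from pathlib import Path

SLUG = "wp-file-manager"  # plugin slug given in the article
FIXED = (6, 9)            # the article: the version must not be lower than 6.9
VERSION = re.compile(rb"^[ \t/*#@]*Version:\s*([0-9][0-9.]*)", re.M | re.I)


def plugin_version(plugin_dir):
    """Read the Version: header from the top-level PHP file that declares the plugin."""
    for php in sorted(plugin_dir.glob("*.php")):
        head = php.read_bytes()[:8192]  # plugin headers sit at the top of the file
        match = VERSION.search(head) if b"Plugin Name:" in head else None
        if match:
            return match.group(1).decode()
    return None


def audit(root):
    """Return (plugin dir, version, verdict) for every copy on disk under root."""
    # Activation state is ignored: per the article, deactivating does not close the hole.
    findings = []
    for plugin_dir in sorted(Path(root).rglob("wp-content/plugins/" + SLUG)):
        version = plugin_version(plugin_dir)
        if version is None:
            verdict = "UNKNOWN version: inspect manually"
        elif tuple(int(p) for p in version.split(".") if p) < FIXED:
            verdict = "VULNERABLE: update or delete the plugin"
        else:
            verdict = "ok"
        findings.append((str(plugin_dir), version, verdict))
    return findings


def demo():
    """Audit two constructed sites (plugin 6.8 and 6.9) built in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        for site, ver in (("site-a", "6.8"), ("site-b", "6.9")):
            plugin = Path(tmp, site, "wp-content", "plugins", SLUG)
            plugin.mkdir(parents=True)
            header = f"<?php\n/*\n * Plugin Name: WP File Manager\n * Version: {ver}\n */\n"
            (plugin / "plugin.php").write_text(header)
        return [(Path(p).relative_to(tmp).parts[0], v, r) for p, v, r in audit(tmp)]


if __name__ == "__main__":
    for row in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(*row, sep="\t")
```

Run it with the directory that holds your WordPress installations as the only argument; any row not marked `ok` needs the update-or-delete step described above.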

WordPress vulnerabilities can also be tested with a security plugin we developed.
Please use it if you wish.

Free WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal].