The File Manager plug-in, which enables file manipulation on the administration screen like FTP software and has been installed on over 700,000 sites, has a very dangerous vulnerability in version 6.9 or lower.

Overview of File Manager Plug-in Vulnerability

An inadvertent misplacement of the developer’s test file, lib/php/connector.minimal.php, in the File Manager plugin allows hackers to directly upload and edit files via this file from the outside without authentication.

This plugin is now causing a large number of queries to be generated on WordPress sites to determine if this file is present, making it very dangerous for sites using this plugin.

National Vulnerability Database CVE-2020-24312

What to do

This vulnerability in the File Manager plugin was present in version 6.9 or lower, which has now been fixed and is version 7.
Please update your File Manager plug-in immediately or deactivate and remove the plug-in.

Plug-in for WordPress vulnerability scanning and malware scanning
Free WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal].

Related Posts:

  1. Vulnerability in wordpress plugin yuzo related posts, plugin cannot be downloaded
    There is a vulnerability in the wordpress plugin yuzo related posts, but no update has been released. this article explains how to resolve the vulnerability in yuzo related posts....
  2. What are program vulnerabilities in WordPress?
    WordPress and plugins require updates to close vulnerabilities, but we will explain the most dangerous types of vulnerabilities....
  3. Most Targeted Plugin Vulnerabilities in WordPress, November 2020 Edition
    WordPress Doctor is pleased to inform you of the commonly targeted plugin vulnerabilities in WordPress as of November 2020 that we detect on a daily basis....
  4. Vulnerability in tagDiv Composer plugin bundled with WordPress Newspaper theme allows database rewriting
    A vulnerability in tagDiv Composer, a plugin included with the WordPress Newspaper theme, has been discovered that allows the database to be rewritten....
  5. [Urgent] File Upload Vulnerability in Contact Form 7 v5.3.1 and Below
    A file-uploadable (most dangerous) vulnerability was discovered in the Contact Form 7 plugin 5.3.1 and below, which is installed in 5 million sites....
  6. Serious Vulnerability in WordPress Jetpack Plugin
    A serious vulnerability has been discovered in the Jetpack plugin for WordPress and a version update has been distributed. This section explains how to deal with this vulnerability....