This morning, on September 1, 2020, the Wordfence Threat Intelligence team was alerted to the presence of a vulnerability being actively exploited in File Manager, a WordPress plugin with over 700,000 active installations. This vulnerability allowed unauthenticated users to execute commands and upload malicious files on a target site.
A patch was released this morning on September 1, 2020. We are seeing this vulnerability being actively exploited in the wild, therefore, we urge users to update to the latest version, 6.9, immediately since it contains a patch for this vulnerability and will keep you protected.
Wordfence Premium users, as well as those still using the Free version, are protected against this attack campaign by the Wordfence firewall’s built-in file upload protection, though the Wordfence firewall needs to be optimized in order to protect your site from this vulnerability.
While analyzing the vulnerability, we discovered that it was possible to bypass the built-in file upload protection so we deployed an additional firewall rule for maximum coverage. Wordfence Premium customers received this new firewall rule today, September 1, 2020, at 2:56PM UTC. Free Wordfence users will receive the rule after thirty days on October 1, 2020.
Chloe Chamberland – Wordfence Threat Analyst