<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-5HLVVHN" height="0" width="0" style="display:none;visibility:hidden">

Critical Vulnerability In File Manager Plugin For WordPress

Sep 4, 2020 9:17:28 PM / by Marat Sataev

 

IMUNIFY360_NEUT_MAL_GRAPHICS_V2_02

 

On Wednesday, 2 September, the Imunify360 Web Protection Team detected a significant rise in blocked malware that day. Most of the malware was located in the /wp-file-manager/lib/files/ directory path.

When we investigated, we determined that there was a critical vulnerability in the File Manager plugin for WordPress, and that this vulnerability affected a variety of applications.

As you can see from the chart below, this malware was detected on 0.086% of servers protected by Imunify360. The attack vector has now been neutralized, and there were tons of intrusion attempts rejected by Imunify360. 24% of the hosted domains in total were targeted by the attack.

 

 

To prevent servers protected by Imunify360 from being infected, we delivered the new ModSecurity protection rule with ID 77316730, IM360 WAF: WordPress plugin File Manager < 6.9 - Remote Code Execution. The rule was deployed automatically on 3 September. Regardless, we suggest that Imunify users check the current ruleset - it should be v3.33 or later.

The chart below displays the number of events for rule 77316730. At the moment, more than 800,000 incidents have already been recorded and used for analysis.

 

  

Other improvements included in this update are described in this blog post: WAF Rules v.3.32 and v.3.33 Released.

We on the Imunify360 Web Protection Team are continuing to watch for new zero-day vulnerabilities, and will publish additional details as soon as we have them.

 

Please Share Your Feedback

 

The Imunify360 Web Protection Team would like to hear from you. To share your ideas and observations on vulnerabilities like the one described above, please send them to us at feedback@imunify360.com.

If you have questions on how to use Imunify360, or you’d like to resolve a support issue, please contact the Imunify360 support team at cloudlinux.zendesk.com.

 

Topics: Imunify360, Vulnerability, Developer Blog, Advice, WordPress

Marat Sataev

Written by Marat Sataev

Team Lead / Security Researcher

    Subscribe to Email Updates

    Ready to try Imunify?

    30-DAY TRIAL

    Recent Posts