The new week started with a new campaign trying to widely use the Arbitrary File Upload vulnerability in the Simple File List plugin for WordPress.
We've observed 1860 unique IP addresses knocking to our sensors.
We see an attack on each second domain that Imunify360 protects.
Vulnerable endpoint is /wp-content/plugins/simple-file-list/ee-upload-engine.php :
The public exploit has been available since the first of November. Cybercriminals are using it without major modifications and attempting to upload malicious files using this vulnerability. All uploaded samples are well known to the Imunify team.
We are aware of the issue, and growing exploit attempts, so a new specific ModSecurity rule with ID 77316747 is available to our customers with release 3.44.
Imunify360 users are ready and well prepared for this attack.
Should you need any further information, please do not hesitate to submit a ticket to the Imunify360 support team at cloudlinux.zendesk.com.