The WordPress Vulnerability report is as follows.
WordPress Plugin Vulnerabilities
Several new WordPress plugin vulnerabilities have been discovered this month so far. Make sure to follow the suggested action below to update the plugin or completely uninstall it.
1. Reflected XSS in WordPress Plugin Admin Pages
- The administrative dashboard in WordPress is a pretty safe place: Only elevated users can access it. Exploiting a plugin’s admin panel would serve very little purpose here — an administrator already has the required permissions to do all of the actions a vulnerability could cause.
File Manager Plugins:
- The WordPress File Manager plugin, the subject of a critical zero-day, is generally used to allow website users to upload image files, but a flaw in the plugin’s file type checking could allow a user to upload a file with an embedded web shell. That web shell could then be used to launch a site takeover against the victim.
- The WordPress plugin is the subject of a zero-day vulnerability that may expose more than 700,000 sites to malicious exploitation.
- Around 1.7 million websites have so far been attacked by threat actors looking to exploit a critical zero-day vulnerability in the WordPress File Manager plugin.
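To make the file type checking point concrete, here is an added example (not code from the File Manager plugin or from WordPress) of an upload check that looks at the name, the file signature and the content together. The allowlist, the executable-extension list and the sample uploads are assumptions constructed for illustration.

```python
import os

# Assumption: the site accepts only these image types, keyed by extension,
# each with the file signatures ("magic bytes") that type starts with.
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# Assumed list of extensions a PHP-enabled web server may execute.
EXECUTABLE = {".php", ".phtml", ".phar", ".pht", ".php5", ".php7"}
# Full PHP open tag only; the short "<?" form occurs by chance in binary data.
CODE_MARKER = b"<?php"


def check_upload(filename: str, data: bytes) -> list:
    """Return the reasons to reject an upload; an empty list means accept."""
    reasons = []
    parts = os.path.basename(filename).lower().split(".")
    final_ext = "." + parts[-1] if len(parts) > 1 else ""
    # Refuse an executable extension anywhere in the name ("x.php.jpg"):
    # some server configurations act on a non-final extension.
    if {"." + p for p in parts[1:]} & EXECUTABLE:
        reasons.append("executable extension in name")
    if final_ext not in ALLOWED:
        reasons.append("extension not on allowlist")
    elif not data.startswith(ALLOWED[final_ext]):
        # The content must begin with the signature of the claimed type.
        reasons.append("content does not match extension")
    # A valid image header says nothing about the bytes that follow it.
    if CODE_MARKER in data.lower():
        reasons.append("embedded server-side code marker")
    return reasons


# Constructed sample uploads (not real files).
PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLES = {
    "logo.png": PNG,
    "avatar.png": PNG + b"<?php /* constructed marker */ ?>",
    "report.php.jpg": b"\xff\xd8\xff" + b"\x00" * 16,
    "photo.jpg": b"GIF89a" + b"\x00" * 16,
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, check_upload(name, blob) or "accept")
```

A check like this belongs alongside storing uploads in a directory where the web server will not execute scripts, so that a file which slips through still cannot run.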
WordPress News:
1. Hackers are fighting a war over 300K vulnerable WordPress sites
- Attackers who are actively exploiting a critical remote code execution flaw affecting over 600,000 WordPress sites running vulnerable File Manager plugin versions have also been seen protecting the sites they compromise from other threat actors’ attacks.
2. WordPress Sites Attacked in Their Millions
- Millions of WordPress sites are being probed in automated attacks looking to exploit a recently discovered plugin vulnerability, according to security researchers.
- The plugin is installed on around 700,000 WordPress sites, and although Wordfence estimates that only around 37%, or 262,000, are still running a vulnerable version, this hasn’t stopped attackers from trying their luck against a much larger number of users.
3. Researchers Uncover 89 Zero-Days in CMS Platforms
- Security researchers are warning users of popular content management system (CMS) platforms that they could be exposed to a range of cyber-threats, after uncovering 89 zero-day vulnerabilities.
- As part of its investigation, the team uncovered 89 zero-day vulnerabilities in platforms such as WordPress, Joomla, Drupal and Opencart — and their plugins.
It is crucial to the security of your WordPress site that you have an update routine.
You should be logging into your sites at least once a week to perform updates.


