WordPress File Manager Plugin Vulnerability Affects Over 1 Million Websites

A major security vulnerability in the widely used File Manager plugin for WordPress, affecting more than 1 million websites, has been identified and fixed. The vulnerability has a severity rating of 8.1 out of 10 and could allow unauthenticated attackers to access sensitive information, including data contained in site backups.

Unauthenticated attack vulnerabilities

What makes this vulnerability a major concern is the fact that a hacker does not need login credentials to launch an attack, which is what is meant by the term unauthenticated.

In the context of a WordPress plugin vulnerability, this means an attacker could reach sensitive information without logging in or otherwise proving their identity. This particular attack takes advantage of a weakness class that the File Manager advisory refers to as Use of Insufficiently Random Values.

The Common Weakness Enumeration (CWE) security website describes this type of vulnerability:

“The product uses insufficiently random numbers or values in a security context that relies on unpredictable numbers.

When the product generates predictable values in a context that requires unpredictability, it is possible for an attacker to guess the next value to be generated and use that guess to impersonate another user or gain access to sensitive information.”

In this case the weakness lies in the backup file name generation algorithm of the File Manager plugin. The algorithm combines a timestamp with a four-digit random number, but that amount of randomization is not enough to prevent an attacker from successfully guessing file names, which in turn allows attackers to download backup files in configurations where no .htaccess rule blocks direct access to them.
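To make the "not random enough" point concrete, the following added example (written for this article; it is not the plugin's own code, and the exact file name layout `backup_<timestamp>_<random>.zip` is an assumption used for illustration) models the described scheme, a timestamp plus a four-digit number, beside a hardened variant that appends a token from a cryptographically secure generator. It also quantifies the difference: the number of candidate names an attacker would have to try once the timestamp is known to within a given window, versus the 128 bits of a `secrets.token_hex(16)` suffix that a wrong `.htaccess` configuration could never make guessable in practice.

```python
import math
import random
import re
import secrets
import time

# Constructed layout used throughout this example; the real plugin's
# naming pattern is not stated in the article beyond "timestamp plus
# four-digit random number".
RANDOM_DIGITS = 4


def weak_backup_name(ts=None, seed=None):
    """Imitation of the weak scheme described in the article: a Unix
    timestamp followed by a four-digit number from a non-cryptographic
    PRNG. `seed` exists only so tests can make the output reproducible."""
    ts = int(time.time()) if ts is None else int(ts)
    rng = random.Random(seed)  # Mersenne Twister, not suitable for secrets
    suffix = rng.randint(0, 10 ** RANDOM_DIGITS - 1)
    return f"backup_{ts}_{suffix:0{RANDOM_DIGITS}d}.zip"


def strong_backup_name(ts=None, token_bytes=16):
    """Hardened variant: keep the timestamp for human readability, but make
    the guessable part a 128-bit token from the OS CSPRNG."""
    ts = int(time.time()) if ts is None else int(ts)
    return f"backup_{ts}_{secrets.token_hex(token_bytes)}.zip"


def guess_space(window_seconds, random_digits=RANDOM_DIGITS):
    """How many distinct names exist if the creation time is known to within
    `window_seconds`. This is the size of the keyspace a defender should
    assume an attacker can enumerate, not a recommendation to do so."""
    return int(window_seconds) * 10 ** random_digits


def guess_bits(window_seconds, random_digits=RANDOM_DIGITS):
    """Effective entropy of the weak scheme, in bits, for that window."""
    return math.log2(guess_space(window_seconds, random_digits))


def token_bits(token_bytes=16):
    """Entropy of the hardened suffix: every byte from the CSPRNG is 8 bits."""
    return 8 * token_bytes


def looks_like_weak_name(name):
    """True if `name` matches the constructed weak layout."""
    return re.fullmatch(rf"backup_\d+_\d{{{RANDOM_DIGITS}}}\.zip", name) is not None


def looks_like_strong_name(name, token_bytes=16):
    """True if `name` matches the hardened layout (hex token of the right size)."""
    return re.fullmatch(rf"backup_\d+_[0-9a-f]{{{2 * token_bytes}}}\.zip", name) is not None


if __name__ == "__main__":
    print("weak  :", weak_backup_name())
    print("strong:", strong_backup_name())
    # Even a generous one-hour uncertainty about the timestamp leaves the
    # weak scheme with only ~25 bits of effective entropy.
    print(f"weak scheme, 1 h window: {guess_space(3600):,} candidates "
          f"(~{guess_bits(3600):.1f} bits)")
    print(f"hardened suffix: {token_bits()} bits")
```

The numbers are the useful part: with the creation time pinned to one second the weak name carries only about 13 bits of entropy, and even an hour of uncertainty lifts that to roughly 25 bits, which is why the article stresses that a missing `.htaccess` block turns a naming weakness into a data exposure. The hardened form keeps the timestamp, so existing tooling that sorts backups by date still works, while the 128-bit suffix makes enumeration impractical regardless of how the web server is configured; the access control should still be in place as a second layer.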

Vulnerability of using non-random values

The Use of Insufficiently Random Values vulnerability type applies here because the plugin relies on generating random and unpredictable file names to keep attackers from guessing what a backup file is called. The plugin's lack of sufficient randomization allows an attacker to guess those file names and gain access to sensitive information.

Vulnerable versions of the plugin

The security vulnerability is present in all versions up to and including 7.2.1 and was fixed in the latest plugin update, with the release of version 7.2.2.

The update, as indicated in File Manager WordPress Plugin Changelog Documentation, includes a fix for the security issue. Plugin users are encouraged to consider upgrading to this latest version to protect their websites from potential exploits.

Read the Wordfence notice for more information:

File Manager <= 7.2.1 - Exposure of sensitive information via backup filenames

About the Author: Ted Simmons

I follow and report the current news trends on Google news.
