Servage Magazine


Security vulnerability in WordPress plugin: WP File Manager

Wednesday, September 9th, 2020 by Helge

A security vulnerability in the WordPress plugin WP File Manager was recently reported. In this blog post you will find details about the security gap and some information about the plugin.

With the file manager “WP File Manager” you can easily upload, download, move, rename, copy and paste files, so you can manage all your files in one place. This means you no longer need cumbersome FTP access, but can do everything in the WordPress backend. The popular plugin also includes security features so that you cannot damage your site so easily.

However, a security gap in that plug-in was reported. Through this gap, an unauthenticated user (virtually anyone) can upload arbitrary files and thus ultimately cause maximum damage via remote code execution: from the theft of data, to the crippling and deletion of a site, to the misuse of the site for further attacks or to harm unsuspecting visitors. The PHP file lib/php/connector.minimal.php could be opened directly by default, and it in turn loaded lib/php/elFinderConnector.class.php. These files are driven by POST/GET variables which allow some internal features, such as file upload, to be carried out. This led to the unauthenticated upload of arbitrary files and to the problem that an attacker could execute arbitrary code on the system.
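As an added illustration for site operators (this is not code from the original post or from the plugin), the following Python script scans web server access logs for direct requests to the connector file named above. Normal plugin use goes through wp-admin, so a direct hit on the connector is itself the signal to look for. It assumes the common combined log format; the `cmd` query parameter is elFinder's command name, which the post does not mention, and the sample log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Connector file named in the post; reachable directly in vulnerable versions.
CONNECTOR_PATH = "/lib/php/connector.minimal.php"
# Combined log format: client ident user [time] "METHOD URL PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample access log lines (not from any real server).
SAMPLE_LOG = """\
203.0.113.5 - - [09/Sep/2020:10:01:12 +0000] "GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1" 200 1532 "-" "curl/7.68.0"
203.0.113.5 - - [09/Sep/2020:10:01:14 +0000] "POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 200 318 "-" "python-requests/2.24"
203.0.113.5 - - [09/Sep/2020:10:01:15 +0000] "GET /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php?cmd=upload&target=TARGET_HASH HTTP/1.1" 200 87 "-" "python-requests/2.24"
198.51.100.7 - - [09/Sep/2020:10:05:40 +0000] "GET /wp-admin/admin.php?page=wp_file_manager HTTP/1.1" 200 20410 "https://example.org/wp-admin/" "Mozilla/5.0"
"""

def parse_line(line):
    """Split one combined-format line into its fields; None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, ts, method, url, status = m.groups()
    parts = urlsplit(url)
    return {"client": client, "time": ts, "method": method, "path": parts.path,
            "query": parse_qs(parts.query), "status": int(status)}

def find_connector_hits(log_text):
    """One finding per client that requested the connector directly.
    'cmds' holds elFinder commands seen in GET query strings (POST bodies are not
    in access logs); 'served' is True when any hit got a 2xx, i.e. the connector
    answered the direct request, which the update is meant to prevent."""
    by_client = defaultdict(lambda: {"hits": 0, "cmds": set(), "served": False, "first_seen": None})
    for line in log_text.splitlines():
        req = parse_line(line)
        if req is None or not req["path"].endswith(CONNECTOR_PATH):
            continue
        f = by_client[req["client"]]
        f["hits"] += 1
        f["cmds"].update(req["query"].get("cmd", []))
        f["served"] = f["served"] or 200 <= req["status"] < 300
        f["first_seen"] = f["first_seen"] or req["time"]
    return dict(by_client)

if __name__ == "__main__":
    for client, f in find_connector_hits(SAMPLE_LOG).items():
        print(f"{client}: {f['hits']} direct connector request(s) from {f['first_seen']}, "
              f"GET cmds={sorted(f['cmds']) or 'none'}, answered={f['served']}")
```

Any client the script reports should be treated as a sign that the connector was exposed; the clean-up steps below then apply regardless of whether a file was actually uploaded.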

The vulnerability can be closed by updating the plug-in to the latest version, 6.9.

Furthermore, if you were hacked, we highly recommend also reinstalling WordPress from the “Dashboard > Updates” menu to clean up any infected core files, and changing all admin user and database passwords.

You can find more information in, for example, the WPScan WordPress Vulnerability Database.

How to update a plugin?

To do that, go to the ‘Updates’ section of your administration panel. If there are plugins or themes that can be updated, they will appear here, right below the part which tells you whether a new version of WordPress is available. To update your plugins, select them and click on the ‘Update Plugins’ button.

Categories: Guides & Tutorials