Attackers have been targeting older versions of File Manager, apparently probing whether they can gain access to websites first, presumably so they can return later to upload malicious files.
Hackers are exploiting a flaw in the WordPress plugin File Manager to break into websites, posing a threat to more than 52 percent of its 700,000 active installations, researchers warned on Tuesday.
Thai website security firm NinTechNet was among the first to catch and report the attacks. According to CEO Jerome Bruandet, hackers were trying to crack websites first, but are highly likely to come back later, since they password-protected access to the infected files/sites. He added that they will learn the hackers’ intentions in the next few days, when they return.
Another website security firm, Wordfence, said that it blocked more than 450,000 attacks in recent days. Hackers were trying to inject files, mostly empty, apparently in order to upload malware later. Exploiting a flaw in a plugin like File Manager could allow attackers to operate directly from the WordPress dashboard. By cracking the admin area of the website, they could expand the capacity of the attacks.
The flaw affects only File Manager versions 6.0 through 6.8, so researchers recommend updating to 6.9 as soon as possible.
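To check an installation against the version range above, the following added example (not code from the article, the researchers or the plugin) reads the standard WordPress plugin header of each installed plugin and flags File Manager versions 6.0 through 6.8. Assumptions: the plugin's `Plugin Name` header contains "File Manager", plugins live under `wp-content/plugins`, and a patch release such as 6.8.x is judged by its major.minor part.

```python
import re
import sys
from pathlib import Path

# Range stated in the article: 6.0 through 6.8 are affected, 6.9 is the fixed release.
AFFECTED_MIN, AFFECTED_MAX = (6, 0), (6, 8)
# WordPress plugin header fields sit in the leading comment of a plugin's PHP file.
FIELD_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t\r]*$", re.I | re.M)

def read_header(php_source):
    """Return the 'plugin name' and 'version' header fields found near the top of the file."""
    fields = {}
    for key, value in FIELD_RE.findall(php_source[:8192]):
        fields.setdefault(key.lower(), value)  # keep the first occurrence only
    return fields

def is_affected(version):
    """True when the major.minor part of the version is inside the affected range."""
    parts = re.findall(r"\d+", version or "")
    if not parts:
        return False
    major_minor = (int(parts[0]), int(parts[1]) if len(parts) > 1 else 0)
    return AFFECTED_MIN <= major_minor <= AFFECTED_MAX

def audit(plugins_dir, name_hint="file manager"):
    """List (file, name, version, affected) for plugins whose name contains name_hint.

    name_hint is an assumption about how the plugin names itself in its header.
    """
    results = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        header = read_header(php.read_text(errors="replace"))
        name = header.get("plugin name", "")
        if name_hint in name.lower():
            version = header.get("version", "")
            results.append((str(php), name, version, is_affected(version)))
    return results

# Constructed sample header for illustration, not copied from the real plugin.
SAMPLE = "<?php\n/**\n * Plugin Name: File Manager\n * Version: 6.7\n */\n"

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "wp-content/plugins"
    for path, name, version, affected in audit(root):
        status = "UPDATE TO 6.9" if affected else "ok"
        print(f"{status:<14} {name} {version}  {path}")
```

Run it with the path to the site's plugin directory as the only argument; any line marked `UPDATE TO 6.9` is an installation inside the affected range.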
Source: sputniknews.com