If you are using the WordPress Plugin File Manager you should check the status of your site today and update the plugin where possible due to a vulnerability.
Attacks against this vulnerability have risen dramatically over the last few days. Wordfence has recorded attacks against over 1 million sites today, September 4, 2020, as of 9 AM Pacific Time. Sites not using this plugin are still being probed by bots looking to identify and exploit vulnerable versions of the File Manager plugin, and we have recorded attacks against 1.7 million sites since the vulnerability was first exploited. Although Wordfence protects well over 3 million WordPress sites, this is still only a portion of the WordPress ecosystem.
The true scale of these attacks is larger than what we were able to record.
You can find more information about the attack in this Wordfence blog post. https://www.wordfence.com/blog/2020/09/millions-of-sites-targeted-in-file-manager-vulnerability-attacks/
Saturday, September 5, 2020
