Attackers take advantage of a critical remote code execution flaw that affects over 600.000 WordPress sites. The vulnerability we mentioned in a previous publication and concerns websites that run vulnerable versions of the File Manager plugin.
Critical vulnerability allows unauthorized users to upload maliciously archives PHP and run malicious code. The File Manager development team addressed the flaw with the release of File Manager 6.9.
Although the bug was fixed immediately when developers were notified by Seravo security manager Ville Korhonen, who discovered the 0day and the ongoing attacks that were trying to exploit it, researchers by security firm Defiant found more than 1,7 million vulnerable websites from September 1st to September 3rd.
In an updated report released today, Defiant threat analyst Ram Gall states that hackers they have not stopped their "siege", and the total number of WordPress sites they are targeting has reached 2,6 million.