Zero-day vulnerability in WordPress Plugin Patched by BitNinja

On 2 September 2020, Ars Technica reported a zero-day vulnerability in a WordPress plugin. The plugin, File Manager, helps users manage the files on their website. It was downloaded 700,000 times, and more than half of the customers are affected. The vulnerability allowed hackers to execute commands and upload files on a website.

How did the BitNinja team patch the vulnerability?

We discovered the exploit with our Defense Robot. In the next step, we added the new malware signatures to our Source Code Structure Analysis database and retroactively quarantined the infected files. Finally, our IP Reputation system blacklists the malicious IP addresses.

We neutralized the malware in a few hours, and by now we can validate that it was a real threat. You don’t have to worry, because you can count on us! We are defending your servers 24/7, so just sit back and enjoy the best security. We recommend that you update File Manager to the latest version in WordPress and always keep your plugins up to date. 😉

Have a hacker-free day!