17/09/2020

WordPress File Manager plugin 6.0-6.8 CVE-2020-25213

On 01/09/2020, a critical vulnerability was identified in the WordPress File Manager plugin. The vulnerability allows unauthenticated remote attackers to upload and execute arbitrary PHP code on the target site. It affects WordPress File Manager plugin versions 6.0 to 6.8.

Members are strongly advised to upgrade the File Manager plugin to the fixed version, 6.9.

The vulnerability is being actively scanned for and exploited.

Recommendations:

• Check all WordPress sites for the File Manager plugin
• Upgrade the plugin to version 6.9, if not already done
• Check for any indicators of compromise (see below)
• Report as necessary to Janet CSIRT

Indicators of compromise:

The following files have been seen uploaded to sites running a vulnerable version of the WordPress File Manager plugin.

• Feoidasf4e0_index.php
• hardfork.php
• hardfind.php
• x.php

The following source IPs have been seen scanning for and/or exploiting this vulnerability.

• 188.165.217.134
• 192.95.30.59
• 192.95.30.137
• 198.27.81.188
• 46.105.100.82
• 91.121.183.9
• 185.81.157.132
• 185.222.57.183
• 185.81.157.236
• 185.81.157.112
• 94.23.210.200
• 185.222.57.93
• 185.81.157.177
• 185.81.157.133
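The recommendations and the indicators above can be worked through with a small triage script. The following Python is an added example written for this advisory; it is not code from the advisory, from Janet CSIRT or from the plugin project. It assumes the plugin lives under wp-content/plugins/wp-file-manager and that its main file, file_folder_manager.php, carries the standard WordPress "Version:" header; the access-log lines at the bottom are constructed sample data, not real traffic.

```python
"""Triage helper for CVE-2020-25213 (WordPress File Manager 6.0-6.8).

Checks a site tree for the plugin version, for the dropped file names named in
the advisory, and an access log for the listed source IPs.
"""
import re
from pathlib import Path
from typing import Iterable, List, Optional, Tuple

# Affected versions (inclusive) and the fixed release, as stated in the advisory.
VULNERABLE_RANGE = ((6, 0), (6, 8))
FIXED_VERSION = (6, 9)

# Indicators of compromise taken from the advisory.
IOC_FILENAMES = {"Feoidasf4e0_index.php", "hardfork.php", "hardfind.php", "x.php"}
IOC_IPS = {
    "188.165.217.134", "192.95.30.59", "192.95.30.137", "198.27.81.188",
    "46.105.100.82", "91.121.183.9", "185.81.157.132", "185.222.57.183",
    "185.81.157.236", "185.81.157.112", "94.23.210.200", "185.222.57.93",
    "185.81.157.177", "185.81.157.133",
}

# Assumption: plugin directory and main file name; adjust if your install differs.
PLUGIN_DIR = Path("wp-content/plugins/wp-file-manager")
PLUGIN_MAIN_FILE = "file_folder_manager.php"
# Matches a WordPress plugin header line such as " * Version: 6.8".
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9][0-9.]*)", re.MULTILINE | re.IGNORECASE)


def parse_plugin_version(header_text: str) -> Optional[Tuple[int, ...]]:
    """Return the plugin version as a tuple of ints, or None if no header is found."""
    match = VERSION_RE.search(header_text)
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).rstrip(".").split("."))


def is_vulnerable(version: Tuple[int, ...]) -> bool:
    """True when the major.minor part falls inside the affected 6.0-6.8 range."""
    low, high = VULNERABLE_RANGE
    return low <= tuple(version[:2]) <= high


def find_ioc_files(paths: Iterable[str]) -> List[str]:
    """Return every path whose file name matches one of the advisory's dropped files."""
    return sorted(p for p in paths if Path(p).name in IOC_FILENAMES)


def scan_access_log(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (ip, line) for combined-format log lines whose client IP is a listed IoC."""
    hits = []
    for line in lines:
        client_ip = line.split(" ", 1)[0]
        if client_ip in IOC_IPS:
            hits.append((client_ip, line.rstrip("\n")))
    return hits


def triage_site(site_root: Path, access_log: Optional[Path] = None) -> dict:
    """Run all three checks against a WordPress document root and optional access log."""
    report = {"version": None, "vulnerable": None, "ioc_files": [], "ioc_ips": []}
    main_file = site_root / PLUGIN_DIR / PLUGIN_MAIN_FILE
    if main_file.is_file():
        report["version"] = parse_plugin_version(main_file.read_text(errors="replace"))
        if report["version"] is not None:
            report["vulnerable"] = is_vulnerable(report["version"])
    report["ioc_files"] = find_ioc_files(str(p) for p in site_root.rglob("*") if p.is_file())
    if access_log is not None and access_log.is_file():
        with access_log.open(errors="replace") as handle:
            report["ioc_ips"] = scan_access_log(handle)
    return report


# Constructed sample log lines (Apache combined format); 203.0.113.5 is a documentation address.
SAMPLE_ACCESS_LOG = [
    '185.81.157.132 - - [12/Sep/2020:04:11:09 +0000] "POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 200 512 "-" "python-requests/2.24.0"',
    '203.0.113.5 - - [12/Sep/2020:04:12:30 +0000] "GET /index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '198.27.81.188 - - [12/Sep/2020:04:13:02 +0000] "GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1" 200 2048 "-" "curl/7.68.0"',
]


if __name__ == "__main__":
    import sys
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else Path(".")
    log = Path(sys.argv[2]) if len(sys.argv) > 2 else None
    print(triage_site(root, log))
    print(scan_access_log(SAMPLE_ACCESS_LOG))
```

Run it as `python triage.py /var/www/html /var/log/apache2/access.log`. A version inside the affected range, any of the listed file names anywhere under the document root, or requests from the listed IPs are each grounds for a closer look; a matching IP on its own is a triage signal rather than proof of compromise, since the same addresses scan many sites, so pair it with the file check and with any unexpected PHP files under the plugin's own directory.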

Full details and references:

https://nvd.nist.gov/vuln/detail/CVE-2020-25213
