On July 8, 2022 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Download Manager,” a WordPress plugin that is installed on over 100,000 sites. This flaw makes it possible for an authenticated attacker to delete arbitrary files hosted on the server, provided they have access to create downloads. If an attacker deletes the wp-config.php file they can gain administrative privileges, including the ability to execute code, by re-running the WordPress install process.
You may also like
Career Compass: The Top 10 Industries for Remote Work in 2024
The corporate world has undergone a seismic shift...
Divi 5 Update: Front End Speed Improvements (And Much More)
I’m back with another Divi 5 update, and I have a...
Recent Posts
- Why Bunny CDN Is the Best Choice for Hosting Your Videos With Presto Player Plugin
- Speak at a WordCamp or Meetup About the Training Team and Learn WordPress
- PTE Request for ThumbPress
- Career Compass: The Top 10 Industries for Remote Work in 2024
- Divi 5 Update: Front End Speed Improvements (And Much More)