On July 8, 2022 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Download Manager,” a WordPress plugin that is installed on over 100,000 sites. This flaw makes it possible for an authenticated attacker to delete arbitrary files hosted on the server, provided they have access to create downloads. If an attacker deletes the wp-config.php file they can gain administrative privileges, including the ability to execute code, by re-running the WordPress install process.
You may also like
Comments Engine AI WordPress Plugin
AI is going to do many things for us. You can...
How to Add Social Share Buttons in WordPress (Beginner’s Guide)
Do you want to add social share buttons in...
Download a Free Architecture Firm Theme Builder Pack for Divi
It’s time for another freebie! This time, we’re...