High Severity Vulnerability Patched in Download Manager Plugin

On J the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in "Download Manager," a WordPress plugin that is installed on over 100,000 sites.

This flaw makes it possible for an authenticated attacker to delete arbitrary files hosted on the server, provided they have access to create downloads, which the Contributor role already grants. If an attacker deletes the wp-config.php file, they can gain administrative privileges, including the ability to execute code, by re-running the WordPress install process.

Wordfence Premium, Wordfence Care, and Wordfence Response received a firewall rule on J to provide protection against any attackers who try to exploit this vulnerability. Wordfence Free users will receive this same protection 30 days later, on August 7, 2022.

We attempted to reach out to the developer on July 8, 2022, the same day we discovered the vulnerability. We never received a response, so we sent the full details to the plugins team on July 26, 2022. The plugin was fully patched the next day, on July 27, 2022.

We strongly recommend ensuring that your site has been updated to the latest patched version of "Download Manager", which is version 3.2.53 at the time of this publication.

Description: Authenticated (Contributor+) Arbitrary File Deletion
Affected Versions:
Patched Version: 3.2.53

Download Manager stores a file path with each "download" post, and users who can create downloads control that value. The plugin's deleteFiles() function looks the path up through `package->getFiles($post_id, false)` and assigns it to `$file`; when the user goes to permanently delete the "download" post, deleteFiles() is triggered by the before_delete_post hook and the supplied file is deleted, if it exists. Nothing restricts where that path may point, so a Contributor can target any file the web server user is allowed to remove.

This can be used by attackers to delete critical files hosted on the server. The wp-config.php file in particular is a popular target, as deletion of this file disconnects the existing database from the compromised site and allows the attacker to re-complete the initial installation process and connect their own database to the site, at which point they hold an administrator account on the compromised install.
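The following is an added illustration written for this page; it is not the Download Manager plugin's code and did not appear in the original advisory. It places the dangerous shape of a before_delete_post cleanup callback (unlink whatever path was stored with the post) next to a hardened version that only deletes regular files resolving inside one allowed directory. The function names, the `_hypothetical_file_key` meta key in the comment, and the temporary directory layout are assumptions made for the demo.

```php
<?php
// Added illustration for this advisory; it is NOT the Download Manager plugin's
// code. It shows the dangerous shape of a before_delete_post cleanup callback
// (unlink whatever path was stored with the post) next to a hardened version
// that only deletes files resolving inside one allowed directory.
// Assumptions: function and variable names are hypothetical; the directory
// layout below is constructed for the demo.

// Vulnerable shape: trusts the stored path. A user who can create downloads
// and later permanently delete the post controls $file entirely, so pointing
// it at wp-config.php removes the site's database configuration.
function vulnerable_delete_files(string $file): bool
{
    if (file_exists($file)) {
        return unlink($file);
    }
    return false;
}

// Containment check: both paths are canonicalised with realpath(), which
// resolves "../" segments and symlinks, then compared by prefix. The trailing
// separator stops "/srv/uploads-evil" from matching "/srv/uploads".
function path_is_inside(string $file, string $allowedDir): bool
{
    $realDir  = realpath($allowedDir);
    $realFile = realpath($file);
    if ($realDir === false || $realFile === false) {
        return false; // allowed dir missing, or file does not exist: refuse
    }
    $realDir = rtrim($realDir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($realFile, $realDir, strlen($realDir)) === 0;
}

// Hardened shape: refuse anything outside the upload directory and only
// unlink regular files, never directories.
function safe_delete_files(string $file, string $allowedDir): bool
{
    if (!path_is_inside($file, $allowedDir) || !is_file($file)) {
        error_log("refusing to delete path outside upload directory: $file");
        return false;
    }
    return unlink($file);
}

// In a plugin the callback would be wired like this (WordPress API):
//   add_action('before_delete_post', function ($post_id) use ($uploads) {
//       $file = get_post_meta($post_id, '_hypothetical_file_key', true);
//       safe_delete_files($file, $uploads);
//   });

// --- Demo on a throwaway directory layout (constructed for this example). ---
$base    = sys_get_temp_dir() . '/dm-demo-' . getmypid();
$uploads = $base . '/uploads';
mkdir($uploads, 0700, true);
file_put_contents($base . '/wp-config.php', "<?php // pretend site config\n");
file_put_contents($uploads . '/report.pdf', 'pdf bytes');

// Attacker-controlled value: a traversal out of the upload directory.
$evil = $uploads . '/../wp-config.php';

vulnerable_delete_files($evil);
$configGoneAfterVuln = !file_exists($base . '/wp-config.php');

file_put_contents($base . '/wp-config.php', "<?php // restored for the second run\n");

$safeRefused    = !safe_delete_files($evil, $uploads);
$safeAccepted   = safe_delete_files($uploads . '/report.pdf', $uploads);
$configSurvived = file_exists($base . '/wp-config.php');

printf("vulnerable callback deleted wp-config.php: %s\n", $configGoneAfterVuln ? 'yes' : 'no');
printf("hardened callback refused traversal:        %s\n", $safeRefused ? 'yes' : 'no');
printf("hardened callback deleted in-scope file:    %s\n", $safeAccepted ? 'yes' : 'no');
printf("wp-config.php survived hardened run:        %s\n", $configSurvived ? 'yes' : 'no');

// Clean up the temp layout.
@unlink($uploads . '/report.pdf');
@unlink($base . '/wp-config.php');
@rmdir($uploads);
@rmdir($base);
```

Run it with `php demo.php`. In a real plugin, take the allowed directory from `wp_upload_dir()` rather than a hard-coded path, and pair the containment check with an authorization check (`current_user_can()` against the post's owner or a capability reserved for trusted roles) so that a Contributor's ability to create a post never becomes the ability to pick which server file disappears.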