- May 11, 2020
An easy-to-exploit vulnerability in a popular WordPress plugin has triggered an internet-wide hacking spree.Millions of WordPress sites have been probed and attacked this week, Defiant, the company behind the Wordfence web firewall said on Friday.
The sudden spike in attacks happened after hackers discovered and started exploiting a zero-day vulnerability in "
The zero-day was an unauthenticated file upload vulnerability[
It's unclear how hackers discovered the zero-day, but since earlier this week, they began probing for sites where this plugin might be installed.
If a probe was successful, the attackers would exploit the zero-day and upload a web shell disguised inside an image file on the victim's server. The attackers would then access the web shell and take over the victim's site, ensnaring it inside a botnet.
Millions of sites have been probed, attacked
"Attacks against this vulnerability have risen dramatically over the last few days," said Ram Gall, Threat Analyst at Defiant.
The attacks started slow, but intensified throughout the week, with Defiant recording attacks against 1 million WordPress sites, just on Friday, September 4.
In total, Gall says Defiant blocked attacks against
The 1.7 million figure is more than half of the number of WordPress sites using the Wordfence web firewall. Gall believes the true scale of the attacks is even much larger, as WordPress is installed on hundreds of millions of sites, all of which are probably being gradually probed and hacked.
The good news is that the File Manager developer team created and released a patch for the zero-day on the same day it learned about the attacks. Some site owners have installed the patch, but, as usual, others are lagging behind.
It is this slowness in patching that has recently driven the WordPress developer team to add
Last edited by a moderator: