all InfoSec news
High Severity Arbitrary File Upload Vulnerability Patched in File Manager Pro WordPress Plugin
Malware Analysis, News and Indicators - Latest topics malware.news
On December 14th, 2023, shortly after the launch of our Holiday Bug Extravaganza, we received a submission for an Arbitrary File Upload vulnerability in File Manager Pro, a WordPress plugin with an estimated 10,000+ active installations. This vulnerability made it possible for authenticated attackers to create a PHP file that could contain malicious content and be used for complete site takeover.
Props to Tobias Weißhaar who discovered and responsibly reported this vulnerability through the Wordfence Bug Bounty Program. …
attackers bug december file file upload high holiday launch manager plugin pro severity submission upload vulnerability wordpress wordpress plugin