High Severity Arbitrary File Upload Vulnerability Patched in File Manager Pro WordPress Plugin | allinfosecnews.com

Jan. 24, 2024, 2:30 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

On December 14th, 2023, shortly after the launch of our Holiday Bug Extravaganza, we received a submission for an Arbitrary File Upload vulnerability in File Manager Pro, a WordPress plugin with an estimated 10,000+ active installations. This vulnerability made it possible for authenticated attackers to create a PHP file that could contain malicious content and be used for complete site takeover.

Props to Tobias Weißhaar who discovered and responsibly reported this vulnerability through the Wordfence Bug Bounty Program. …

attackers bug december file file upload high holiday launch manager plugin pro severity submission upload vulnerability wordpress wordpress plugin

More from malware.news / Malware Analysis, News and Indicators - Latest topics

New Redline Version: Uses Lua Bytecode, Propagates Through GitHub 4 hours ago | malware.news

bytecode code detect found +12

Cybersecurity firm Darktrace sold to Thoma Bravo for $5.3 billion 16 hours ago | malware.news

acquisition article cybersecurity darktrace +5

Arctic Wolf Recognized as a Leader in Frost & Sullivan Managed Detection and Response Report 17 hours ago | malware.news

amp and response april arctic +20

CVE-2024-29204, CVE-2024-24996: Critical Vulnerabilities in Ivanti Avalanche 17 hours ago | malware.news

april avalanche components critical +19

Showcasing Artwork by Max for Autism Awareness Month 18 hours ago | malware.news

art article artwork autism +6

TikTok, Flowmon, Cisco, Brokewell, RuggedCom, Deepfakes, Non-Competes, Aaran Leyland - SWN #381 19 hours ago | malware.news

article cisco deepfakes flowmon +6

Kaiser Permanente notifies 13.4M patients of potential data exposure 19 hours ago | malware.news

apps article data data exposure +16

Impact of organizational structure on ransomware outcomes: Where does your org fit in? 19 hours ago | malware.news

article challenges core security detection +15

VA is warning veterans about Change Healthcare cyberattack, secretary says 20 hours ago | malware.news

alerting article attack change +14

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Open-Source Intelligence (OSINT) Policy Analyst (TS/SCI)

@ WWC Global | Reston, Virginia, United States

View on infosec-jobs.com

Security Architect (DevSecOps)

@ EUROPEAN DYNAMICS | Brussels, Brussels, Belgium

View on infosec-jobs.com

Infrastructure Security Architect

@ Ørsted | Kuala Lumpur, MY

View on infosec-jobs.com

Contract Penetration Tester

@ Evolve Security | United States - Remote

View on infosec-jobs.com

Senior Penetration Tester

@ DigitalOcean | Canada

View on infosec-jobs.com