A Critical Flaw Is Affecting Thousands of WordPress Sites
Hackers are actively exploiting a WordPress vulnerability that lets them execute malicious commands and scripts on websites running File Manager. File Manager is a WordPress plugin that has over 700,000 active installations, according to researchers. The security flaw has been patched; however, security teams detected the first attacks just hours after the patch was released.
NintechNet, a security firm in Bangkok, was the first to report an in-the-wild attack. The company stated that the hacker was leveraging the vulnerability to upload a script titled hardfork.php and then using it to inject code into WordPress scripts. Uploading these malicious scripts lets hackers inflict more damage, because the scripts then carry out actions on other parts of the compromised site.