Critical Remote Code Execution Flaw Found in WordPress Plugin

/1 Comment/in /by

 

Critical Remote Code Execution Flaw Found in WordPress Plugin

http://threatpost.com/critical-remote-code-execution-flaw-found-in-wordpress-plugin/109720There is an easily exploitable remote code execution vulnerability in a popular WordPress plugin that helps manage file downloads and researchers say the bug could be used by even a low-level attacker to run arbitrary code on a vulnerable site.

The vulnerability is in the WP Download Manager, versions 2.7.4 and lower, and it could be used to implant a backdoor on a vulnerable site or get access to administrative accounts. Researchers at Sucuri discovered the vulnerability and a fixed version of the WP Download Manager plugin was released earlier this week. Critical Remote Code Execution Flaw Found in WordPress Plugin

1 reply

Comments are closed.