A high-risk vulnerability in the WordPress Download Manager plugin has been found that can be exploited to upload backdoors to affected websites.

The developers of the plugin’s have addressed the vulnerability with the release of WordPress Download Manager 2.7.5. So all website owners that use this plugin should update their installations as soon as possible.

The plugin has a remote code execution/remote file inclusion vulnerability that can be leveraged to hijack WordPress websites by injecting backdoors and modifying administrator credentials. So this allows malicious individuals to make their own personally way in to your site to take full control of it.

A excellent way for website owners to keep track of new vulnerabilities is to check the WPScan Vulnerability Database : https://wpvulndb.com/

Contact OneHourSiteFix For Help

It is imperative you keep updated all the libraries on your server, your CMS (WordPress,etc) and any plugins you have. Also ONLY download plugins and themes from the official sites. If you need any help in updating your site or checking the validity of your plugins just remember OneHourSiteFix is here to help. Just drop us a chat or mail and we will happily help you with this task. Never has the phrase ‘A Stitch In Time Saves Nine’ been more appropriate.

Helping Make Internet A Safer Place!