Level 6
An easy-to-exploit vulnerability in a popular WordPress plugin has triggered an internet-wide hacking spree.

Millions of WordPress sites have been probed and attacked this week, Defiant, the company behind the Wordfence web firewall said on Friday.

The sudden spike in attacks happened after hackers discovered and started exploiting a zero-day vulnerability in "File Manager," a popular WordPress plugin installed on more than 700,000 sites.

The zero-day was an unauthenticated file upload vulnerability[1, 2] that allowed an attacker to upload malicious files on a site running an older version of the File Manager plugin.

It's unclear how hackers discovered the zero-day, but since earlier this week, they began probing for sites where this plugin might be installed.

If a probe was successful, the attackers would exploit the zero-day and upload a web shell disguised inside an image file on the victim's server. The attackers would then access the web shell and take over the victim's site, ensnaring it inside a botnet.