A popular WordPress plugin has an easy-to-exploit liability that resulted in a hacking spree across the internet. Millions of WordPress sites were attacked and probed as a result of the vulnerability. The data breach was acknowledged by the Wordfence web firewall company, Defiant.
The unauthenticated file upload liability resulted in the zero-day, which allowed hackers to upload nefarious files on sites deployed on an older plugin version of File Manager. No official information is available on how attackers detected the liability, but probe attacks were launched on potential sites with the plugin last week.