Critical WordPress vulnerability: arbitrary code execution via RCE in WP File Manager plugin

Greetings! Welcome to a new success story showcasing how vulnerability analysis can protect and empower businesses. Today, we’re highlighting an example of a small but rapidly growing company in the educational technology sector.


General Description

This company runs an online educational platform offering courses for students and professionals. It employs 15 people, and its website attracts over 30,000 monthly visitors. The platform is based on WordPress (WP) and includes:

  • 3 main domains, and
  • 4 subdomains for testing and special projects.

A solid setup for a growing business—but like any infrastructure, it’s not immune to vulnerabilities.


Our Approach: Step-by-Step

1. Scanning Subdomains:

We scanned the main domain and all subdomains. One subdomain stood out: test.edu-platform.local.

2. Vulnerability Detected:

This subdomain was using the WP File Manager plugin (version 6.8), which has a known Remote Code Execution (RCE) vulnerability.

3. Confirmation:

By sending a specially crafted HTTP request to wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php, we confirmed the ability to execute arbitrary code on the server.
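
The endpoint named in step 3 is also something defenders can watch for in their own logs. As an added example (not from the original article or the scanning platform it describes), this Python script scans access-log lines in Combined Log Format for requests to that connector path and ranks the clients; the log lines, IP addresses and the high/low triage rule are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Path named in the article; the WordPress root may sit in a subdirectory.
CONNECTOR = "/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def normalise(target):
    """Drop the query string, decode %XX, lower-case, collapse repeated slashes."""
    path = unquote(target.split("?", 1)[0]).lower()
    return re.sub(r"/{2,}", "/", path)

def find_connector_hits(lines):
    """Summarise, per client IP, the requests that targeted the connector script."""
    hits = defaultdict(lambda: {"requests": 0, "posts_ok": 0, "first_seen": None})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not normalise(m["target"]).endswith(CONNECTOR):
            continue  # malformed line or unrelated request
        rec = hits[m["ip"]]
        rec["requests"] += 1
        rec["first_seen"] = rec["first_seen"] or m["ts"]
        if m["method"] == "POST" and m["status"].startswith("2"):
            rec["posts_ok"] += 1
    return dict(hits)

def triage(hits):
    """Assumed rule: 'high' if any POST got a 2xx answer, otherwise 'low' (probe only)."""
    return {ip: "high" if rec["posts_ok"] else "low" for ip, rec in hits.items()}

# Constructed sample lines (documentation IP ranges), not taken from the article.
P = "/wp-content/plugins/wp-file-manager/lib/php/connector"
SAMPLE_LOG = [
    f'198.51.100.7 - - [12/Mar/2024:10:01:02 +0000] "GET {P}.minimal.php HTTP/1.1" 200 31 "-" "-"',
    f'198.51.100.7 - - [12/Mar/2024:10:01:05 +0000] "POST {P}.minimal.php HTTP/1.1" 200 512 "-" "-"',
    f'203.0.113.9 - - [12/Mar/2024:10:05:00 +0000] "POST /{P}%2Eminimal.php?x=1 HTTP/1.1" 403 0 "-" "-"',
    '192.0.2.4 - - [12/Mar/2024:10:06:00 +0000] "GET /courses/intro HTTP/1.1" 200 9000 "-" "-"',
]

if __name__ == "__main__":
    for ip, level in triage(find_connector_hits(SAMPLE_LOG)).items():
        print(ip, level)
```

A "high" result means the connector answered a POST successfully, so that host deserves a closer look; "low" means the path was probed but the request was refused or the file was absent.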

Why This Vulnerability is Critical

This issue is particularly severe due to the widespread use of the WP File Manager plugin, its ease of exploitation, and the potential consequences for web platform security.

And this is typical for such a popular platform.


In 2023, plugins were responsible for 96.77% of all new WordPress vulnerabilities.

42.9% of all new WordPress vulnerabilities in 2023 had a high or critical CVSS severity.

You can find more about WordPress vulnerabilities here.


What Could Attackers Do?

If exploited, this vulnerability could allow attackers to:

- Execute arbitrary code on the server, gaining full control of the host.

- Download and run malicious scripts to attack site visitors.

- Access confidential information, including databases and user accounts.

- Disrupt or disable the platform, including data deletion or a complete service shutdown.


Results

After receiving our detailed report, the company implemented all necessary actions to mitigate the threat within hours. This is a common outcome for our clients — once you know where the problem lies, fixing it becomes straightforward.


Key Takeaway

Every component of your infrastructure—whether software, plugins, or domains—can introduce vulnerabilities due to various factors. For growing companies, managing every aspect of security can be overwhelming. That’s why delegating these tasks to professionals can save time, money, and your business.


How We Can Help

Our platform ensures you stay aware of potential risks in your web infrastructure, enabling you to respond promptly and effectively to an ever-changing technology landscape. The best part? You can try it for free.


Stay safe, more to come.

Miles Welch

CEO @ North Star Training Solutions | We build your leadership bench so you can focus on building your business. | 1000+ CEOs/Execs/Directors trained and coached.

3w

Cybersecurity's no joke, man. Keeping plugins updated is crucial to dodge those nasty vulnerabilities. Got any preventive measures in place?


More articles by Dr. Artem Kochenov
