Attackers Target Critical Flaw in File Manager Plugin for...

Attackers Target Critical Flaw in File Manager Plugin for WordPress

On September 1, Wordfence reported that attackers have been targeting a critical vulnerability in File Manager, a WordPress plugin that is used to manage files on WordPress sites. The plugin, which is actively installed on over 700,000 WordPress sites, is vulnerable to a command injection flaw that could lead to remote code execution. It received a CVSSv3 score of 10.0, the maximum score. It currently does not have a CVE identifier assigned to it.

For more information about the vulnerability, including the availability of patches and Tenable product coverage, please visit our blog.

Cyber Exposure Alerts

Vulnerability Watch

Forum Discussion

Attackers Target Critical Flaw in File Manager Plugin for...

Recent Discussions

Cyber Retaliation: Analyzing Iranian Cyber Activity Following Operation Epic Fury

Microsoft’s March 2026 Patch Tuesday Addresses 83 CVEs

Microsoft’s February 2026 Patch Tuesday Addresses 54 CVEs (CVE-2026-21510, CVE-2026-21513)

CVE-2026-20127: Cisco Catalyst SD-WAN Controller/Manager Zero-Day Exploited in the Wild

Frequently Asked Questions About Notepad++ Supply Chain Compromise

Americas

Europe

Asia / Australia