Vulnerability In 3 WordPress File Plugins Affects 1.3 Million Sites

An advisory was issued for three WordPress file management plugins that are affected by a vulnerability that allows unauthenticated attackers delete arbitrary files. The three plugins are installed in over 1.3 million websites.

Outdated Version Of elFinder

The vulnerability is caused by outdated versions of the elFinder file manager, specifically versions 2.1.64 and earlier. These versions contain a Directory Traversal vulnerability that allows attackers to manipulate file paths to reach outside the intended directory. By sending requests with…