In WP File Manager Plugin
Over the past day, several Finnish media outlets have reported a serious security vulnerability in WordPress in a somewhat misleading way. We have received inquiries from our customers regarding this matter, so we would like to clarify this subject to our customers with this additional release. For example Yle.fi reported on the issue on 2th September 2020 this way.
Contrary to what the news headlines misunderstand, this is not a security vulnerability for all WordPress installations in general, but only a zero-day vulnerability in the WP File Manager plugin. This only applies to WordPress users who have installed this plugin. If you use WP File Manager plugin, please update it to the latest version or uninstall it from your WordPress.
However, incorrect reporting easily gives the impression that this vulnerability affects all WordPress sites, although this is not the case. On a general level implementing WordPress updates regularly is very important for security reasons. Plugins and themes for the content manager system should also be kept up to date.
Hostaan Ltd has powerful tools in WP web hosting products for maintaining and updating WordPress installations. We recommend all our customers to take care of updates according to our guidelines - or to agree on regular updates with the website designer.
Towards the end of the year, we will also be launching new SmartWP web hosting products that will allow you to reliably automate updates with the heuristic Smart Update feature.