If you’re using the popular File Manager plugin (700k+ installations), be sure it’s upgraded to the latest version. A recently discovered vulnerability allows “unauthenticated users to execute commands and upload malicious files on a target site.” 🎯
A patch was released this morning on September 1, 2020. Some WordPress managed hosting companies are scanning sites and contacting customers.
