Hackers are actively exploiting a critical remote code execution vulnerability in the File Manager WordPress plugin that could be exploited by unauthenticated attackers to upload scripts and execute arbitrary code on WordPress sites running vulnerable versions of the plugin.
The File Manager plugin allows users to easily manage files directly from WordPress, it is currently installed on more than 700,000 WordPress sites.
The vulnerability was first discovered by Gonzalo Cruz from Arsys, the researcher also confirmed that threat actors are already exploiting the flaw to upload malicious PHP files onto vulnerable sites.
