Vulnerability Discovered in Autoptimize < 2.7.7
https://wordpress.orgAutoptimize WordPress plugin has 1 million active installation and can be used to enable a bunch of performance improvement to your website. In versions prior to 2.7.7 there is a vulnerability that allows high privilege users to upload arbitrary files, such as PHP, leading to Remote code execution (RCE).
The issue has been fixed in Version 2.7.7 which is available now from the WordPress Plugin Repo.