Vulnerability Discovered in WordPress File Manager Plugin < 6.9
https://blog.nintechnet.comThe popular WordPress File Manager plugin (700,000+ installations) fixed a critical zero-day vulnerability affecting version 6.8 and below. The vulnerability allows an unauthenticated user to run the file manager commands by directly accessing an unprotected file from its elFinder package. The hacker can then upload php script and used it to inject code into the core WordPress pages.
The issue has been fixed in Version 6.9 which is available now from the WordPress Plugin Repo.