Yesterday a zero-day vulnerability was discovered in a popular WordPress plugin, File Manager. The vulnerability allows arbitrary file upload and remote code execution.

Source: LXer – 700,000 WordPress Sites Affected By Zero-day Vulnerability in File Manager Plugin