Attackers are actively exploiting a critical bug in the File Manager WordPress plugin.
Wordfence researchers are "confident" the same actor is responsible for a wave of attacks that have hit thousands of WordPress sites over the past month by targeting vulnerabilities in WordPress plugins.
The WordPress security team has a tough job: regularly fixing security issues found in the most popular CMS while providing users with the tools to make sure they aren't running older vulnerable code.