The File Manager plug-in lets administrators manipulate files from the administration screen, much like FTP software, and has been installed on over 700,000 sites. Versions 6.9 and lower contain a very dangerous vulnerability.
Overview of File Manager Plug-in Vulnerability
The developer's test file, lib/php/connector.minimal.php, was inadvertently left in the File Manager plugin. Through this file, hackers can upload and edit files directly from the outside without authentication.
WordPress sites are now receiving a large number of requests that check whether this file is present, which makes the situation very dangerous for sites using this plugin.
National Vulnerability Database CVE-2020-24312
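To see whether a site has received the requests described above, the web server access log can be searched for the test file's path. The script below is an added example, not code from the plugin or from this page; it assumes Combined Log Format, and the sample log lines (including the wp-content/plugins/wp-file-manager/ prefix) are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Test file named in the advisory; matched as a suffix so the plugin's
# install directory does not need to be known.
CONNECTOR = "lib/php/connector.minimal.php"
SEVERITY = {"probe": 0, "reachable": 1, "reachable-post": 2}

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation IP ranges); the plugin path prefix is assumed.
SAMPLE = [
    '203.0.113.7 - - [02/Sep/2020:10:01:12 +0000] "GET /blog/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 404 512 "-" "-"',
    '203.0.113.9 - - [02/Sep/2020:10:02:30 +0000] "GET /wp-content/plugins/wp-file-manager/lib/php/connector%2Eminimal.php HTTP/1.1" 403 199 "-" "-"',
    '198.51.100.23 - - [02/Sep/2020:10:04:40 +0000] "GET /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 200 64 "-" "-"',
    '198.51.100.23 - - [02/Sep/2020:10:04:41 +0000] "POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 200 310 "-" "-"',
    '192.0.2.50 - - [02/Sep/2020:10:05:00 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

def classify(method, status):
    """A 2xx answer means the file exists and responded; anything else is only a probe."""
    if 200 <= status < 300:
        return "reachable-post" if method == "POST" else "reachable"
    return "probe"

def scan(lines):
    """Map each client IP to the most severe verdict seen for connector requests."""
    worst = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not Combined Log Format; skip
        # Drop the query string and decode %XX so encoded variants still match.
        path = unquote(m["target"].split("?", 1)[0]).lower()
        if not path.endswith(CONNECTOR):
            continue
        verdict = classify(m["method"], int(m["status"]))
        if m["ip"] not in worst or SEVERITY[verdict] > SEVERITY[worst[m["ip"]]]:
            worst[m["ip"]] = verdict
    return worst

def needs_incident_review(worst):
    """Clients that got a 2xx answer to a POST: check the site for new or changed files."""
    return sorted(ip for ip, v in worst.items() if v == "reachable-post")

if __name__ == "__main__":
    print(scan(SAMPLE), needs_incident_review(scan(SAMPLE)))
```

A "probe" verdict on an updated site only shows that the site was checked; "reachable" or "reachable-post" means the file answered and the site should be updated and reviewed.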
What to do
This vulnerability was present in File Manager version 6.9 or lower. It has now been fixed, and the current version is 7.
Please update your File Manager plug-in immediately or deactivate and remove the plug-in.
Plug-in for WordPress vulnerability scanning and malware scanning
Free WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal].