WP File Manager is a very popular plugin used in over 700,000 WordPress websites.This plugin gives root access to the server directly from the WordPress dashboard. it is extremely handy and can reduce down time when a problem arises. The plugin Wordfence has uncovered a major vulnerability in WP File Manager which allow hackers to upload malicious code directly through WordPress.
I personally have discovered malicious plugins installed on one of my websites which caused the website to crash. I was fortunately able to log in quickly to the server and delete out the fraudulent plugins. Once the plugins were identified and deleted, I updated the remaining plugins and updated WordPress to the most current version (5.5.1).
I will be monitoring the situation and will also be logging into my customers websites to delete the plugin, if it is there.
If you feel your site has been hacked or are experiencing issues, Contact Jason at 440.503.3393 right away!