Today's post should just be a quick one for all the WordPress users out there. If you have the wp-file-manager plugin, then you really want to update it. A vulnerability in all versions from 6.4 to 6.8 allows unauthenticated file uploads, file modification and remote code execution, leaving the website vulnerable to a complete takeover. It has been actively and heavily exploited since the end of August.
The good news for those of you lacking the time and bandwidth to keep track of these sorts of issues is that the latest version of WordPress, 5.5 “Eckstine”, includes an automatic update control for plugins and themes.
As a lazy human, I am a strong advocate of systems which automatically update. Backups are another thing which should not rely on the squishy parts of a system. Very few people have the time to keep track of these things properly, and if they can be handed off to a machine, then that is one less thing to forget in that long list of things we tend to forget.
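An added example, not part of the original post: a shell check that reads the plugin header under each WordPress root given on the command line and reports whether wp-file-manager falls in the 6.4 to 6.8 range named above. It assumes the default `wp-content/plugins` layout and GNU `sort -V`; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: flag wp-file-manager installs in the affected range from the post.
# Assumptions: default wp-content/plugins layout, GNU coreutils (sort -V).

FIRST_AFFECTED="6.4"   # range as stated in the post
LAST_AFFECTED="6.8"

# True when version $1 <= version $2, compared as version strings (6.8 < 6.10).
version_le() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# True when $1 lies inside the affected range, bounds included.
in_affected_range() {
    version_le "$FIRST_AFFECTED" "$1" && version_le "$1" "$LAST_AFFECTED"
}

# Print the "Version:" plugin header found in the top-level PHP files of $1.
plugin_version() {
    grep -hoiE '^[[:space:]*]*Version:[[:space:]]*[0-9][0-9A-Za-z.-]*' "$1"/*.php \
        2>/dev/null | head -n 1 | sed -E 's/.*:[[:space:]]*//'
}

# Print one status word (plus version) for the WordPress root in $1.
check_site() {
    local root=$1 dir ver
    dir="$root/wp-content/plugins/wp-file-manager"
    [ -d "$dir" ] || { echo "ABSENT"; return 0; }
    ver=$(plugin_version "$dir")
    if [ -z "$ver" ]; then
        echo "UNKNOWN"            # directory exists but no header could be read
    elif in_affected_range "$ver"; then
        echo "AFFECTED $ver"      # update the plugin before anything else
    else
        echo "OK $ver"
    fi
}

# Usage: ./check.sh /var/www/site1 /var/www/site2
for root in "$@"; do
    printf '%s: %s\n' "$root" "$(check_site "$root")"
done
```

A site reported as `AFFECTED` needs the plugin updated; on WordPress 5.5 the plugin's auto-update can then be switched on from the Plugins screen.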
Hope this helps.
Edit 12th September: Article about this