WordPress Plugin Arbitrary File Upload Vulnerability

Hackers have exploited a critical vulnerability in the WordPress plugin Keydatas, known as CVE-2024-6220. The vulnerability allows hackers to upload any file to a site, leaving it open to remote code execution or complete takeover. The issue, discovered by a researcher named Foxyyy, was confirmed swiftly and exploitation attempts noticed within days. A patch was released on July 29, 2024, and users are encouraged to update immediately.