One of the things that we do to provide our customers with the best data on WordPress plugin vulnerabilities is to monitor third party data on hacking attempts. That sometimes leads us to finding what looks to be exploitation of vulnerabilities that a hacker has just discovered in the current version of a plugin. In other cases it shows old vulnerabilities that hackers are still trying to exploit. We recently spotted an attempt to exploit an arbitrary file upload vulnerability in older versions of the plugin 360 Product Rotation. We couldn’t find a page that describes the issue to link to for our data on the vulnerability, so here are the details.