This Vulnerability Details post about a vulnerability in the plugin File Manager provides the details of a vulnerability we ran across while collecting data on vulnerabliities discovered by others for our data set on vulnerabilities in WordPress plugins, so its contents are limited to customers of our service. If you are not currently a customer, you can sign up for free here. There are a lot of other reason that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.
The security vulnerabilities we previously disclosed in WP Editor have now been fixed in version 1.2.6, hopefully those or something else fixed in that version was what hackers are trying to exploit. While looking around for other security issues in plugin we found another vulnerability that had existed in 126.96.36.199 and all version below, which was fixed in 1.2.6 as well.