Yikes, this is a zero day (now one day) exploit regarding the File Manager Plugin. Chloe Chamberland for Wordfence, 700,000 WordPress Users Affected by Zero-Day Vulnerability in File Manager Plugin: “When using utility plugins like this file manager plugin, we recommend taking the utmost precaution. Plugins like this one contain several features that if exposed within the admin area of your WordPress installation, could cause serious problems.”