Just a few hours ago, a vulnerability was discovered and patched in the popular MailPoet plugin (formerly WYSIJA), which allows hackers to upload files to your website.
If you have MailPoet installed, you should immediately upgrade the plugin through the automatic upgrade process to version 2.6.7.
To read more about this exploit, please read Sucuri’s writeup.