A very serious vulnerability has been discovered within the WP-CopySafe-Web and WP-CopySafe-PDF WordPress plugins, allowing attackers to arbitrarily upload code, which can include a PHP shell to gain full access to a user's files. This first appeared a few days ago being sold on several hacker sites.
What if I am affected?
If you are running either of these plugins, remove them immediately. Be sure not to just disable them as the code will still be accessible and your website could still be compromised.
If possible, we recommend that you revert to any previous backups you may have made as to ensure that you have not already been compromised. Security scans such as Sucuri SiteCheck can also be run on the site to ensure that there is not malicious code running on any of your pages.