Millions of WordPress sites are facing attacks following the discovery of a security flaw in a popular plugin, according to TechRadar. Researchers at security firm Defiant have warned that the File Manager plugin used by hundreds of thousands of WordPress sites has a zero-day vulnerability, allowing hackers to launch attacks on users. This flaw could allow attackers to upload malicious files onto WordPress sites that have not updated with the latest version of File Manager. Defiant, which operates the web firewall service Wordfence, says it has recorded attacks against 1.7 million sites since the vulnerability was first exploited, with 11 sites being targeted more than 100,000 times. The developers of the File Manager plugin have created and released a patch for the vulnerability, with users urged to update their software as soon as possible. Given the reach that File Manager allows a user on the wp-admin dashboard, the plugin could present attackers with access to all facets of affected WordPress sites.