https://www.pluginvulnerabilities.com/2017/08/16/settings-change-vulnerability-in-asgaros-forum/
One of the ways we make sure we have the best data on vulnerabilities in WordPress plugins is by monitoring the WordPress Support Forum for threads possibly related to those. Through that today we ran across a thread started earlier today that seemed to indicate malicious .php files were being uploaded through the Asgaros Forum plugin.
Looking over the plugin we found
Source: Security Feed