If you are running the WordPress File Manager plugin, there is a vulnerability that is being exploited that allows for the upload of malicious files on your site. A patch was released on September 1, 2020. If you are running this plugin, either remove it or update it immediately. It is being actively exploited.
You can find more information at https://www.wordfence.com/blog/2020/09/700000-wordpress-users-affected-by-zero-day-vulnerability-in-file-manager-plugin/
Keep Your Sites Patched
This is a good reminder to make sure you are regularly patching your WordPress websites. WordPress 5.5 has a new feature allowing you to auto-update your plugins and themes. You can enable or disable this for individual plugins and themes.
Having a security plugin like WordFence is also a good way to not only protect your site but stay updated about vulnerable plugins.