WordPress Plugin VendorFuel is prone to a local file overwrite vulnerability. Attackers can possibly exploit this issue to rewrite the contents of a .css file. This can be coupled with other existing vulnerabilities to affect the vulnerable application in various ways. WordPress Plugin VendorFuel version 1.3.1 is vulnerable; prior versions may also be affected.
Disable the plugin until a fix is available