A “themify-ajax.php” file upload arbitrary PHP code execution vulnerability was found in WordPress Notes theme.
Update the theme.
packetstormsecurity.com/files/124097/