CISA has added a high-severity remote code execution vulnerability that has been active for almost three years on Plex Media Server to its security flaw list. This vulnerability, known as CVE-2020-5741, allows attackers with admin privileges to execute arbitrary Python code remotely. Attackers with admin access to a Plex Media Server could misuse the Camera Upload feature to make the server execute malicious code, which could not be exploited without first gaining access to the server’s Plex account. While CISA did not provide any details on the attacks where CVE-2020-5741 was exploited, LastPass had reported that a senior DevOps engineer’s computer was hacked last year to install a keylogger by abusing a third-party media software RCE bug. Coincidentally, in August, Plex also notified customers of a data breach and asked them to reset their passwords after LastPass disclosed a second breach of its own.
Source: Bleeping Computer
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net or you can try your self using check.website.