The “Manage for IcoMoon” or improperly named “Manager for Icommon” which hasent seen an update since at least 2021 has an exploit that allows the attacker to upload and decompress files in the hosts WordPress instance. This vulnerability is allowing hackers to drop files in the WordPress uploads folder and potenitally drop backdoors, loggers, etc on their site. The first sign that you may be infected with this is if you are missing icons on the website frontend and the settngs in the IcoMoon are reverted to default.
More info here from the VulDB.
If you do notice this problem, it may be too late as files could be littered throughout your installation which could compromise both your website admins and visitors. Best bet is to restore a backup and patch the Plugin ASAP. While no patch is publicly available, we have created one that addresses this issue that can be found here. While the patch will get you by temporarily, it’s probably best to find another plugin to integrate icon fonts built from the Icomoon site
