it appears that there was a critical flaw in Ferrari’s subdomain, which led to an arbitrary file read vulnerability. The vulnerability existed in the media.ferrari.com subdomain using a vulnerable WordPress plugin (W3 Total Cache) that could allow threat actors to read sensitive files on the server.
Read full article on GBHackers