Vulnerabilities were recently discovered in the popular AMP for WP plugin that allows any registered user to perform administrative actions on a WordPress site.  It has now been discovered that an active XSS attack is underway that targets these same vulnerabilities to install backdoors and create rogue admin accounts. […]

from https://www.bleepingcomputer.com/news/security/active-xss-attacks-targeting-amp-for-wp-wordpress-plugin/