Hackers have exploited three zero-days to install backdoors on WordPress sites, according to a security alert published minutes ago by WordPress security firm Wordfence. […]

from https://www.bleepingcomputer.com/news/security/three-wordpress-plugin-zero-days-exploited-in-the-wild/