Remember the old saying about bad things coming in threes? Flaw hunters Wordfence would probably agree with the sentiment after uncovering some nasty zero-day flaws in a trio of WordPress plugins.
Not a great start, then, but much worse is that the vulnerabilities were already being exploited when the company discovered them by chance during recent attack investigations – meaning anyone running them is vulnerable and should update immediately.
Source: Hackers pounce on 3 vulnerable WordPress plugins – Naked Security