The maker of a WordPress plugin, Yellow Pencil Visual Theme Customizer, is asking all users to update immediately after the plugin was discovered to have software vulnerabilities that are being actively exploited.
The attacker exploiting these flaws has been behind several other plugin attacks in the past few weeks, researchers said.
A visual-design plugin that allows users to style their websites, Yellow Pencil has an active install base of more than 30,000 websites. However, the plugin was discovered to have two software vulnerabilities that are now under active exploitation.