Three popular WordPress plugins suffer from a critical zero-day vulnerability that enables an attacker to take over a website. The bug is a PHP object injection flaw that affects the following plugins: Appointments, Flickr Gallery and RegistrationMagic-Custom Registration Forms. All three have already received a fix for the security issue, which is rated Critical with a CVSS rating of 9.8.8. So theres no time to waste. If you administer your website, make sure you keep your plugins updated.”]
Source: https://grahamcluley.com/critical-zero-day-bug-wordpress-plugins/