A vulnerability within two widely used WordPress plugins is already being exploited by hackers. The vulnerability is an XSS (cross-site scripting) flaw in which the malicious payload runs as a result of modifying a browser’s DOM. The payload that is delivered is executed directly in the browser and doesn’t go to the server. WordPress runs 23 percent of the sites on the Internet, including major publishers such as Time and CNN, according to Sucuri. Last month, WordPress patched two critical and similar vulnerabilities.”]