More and more attacks taking advantage of a XSS and RCE bug in the popular plugin have cropped up in the wild. Palo Alto Networks Unit 42 division said in an analysis Monday that approximately 60,000 active installations were found at the time of writing which are potentially vulnerable until they update to 3.5.3 Social Warfare allows websites to add social sharing buttons to their pages. A zero-day exploit was spotted shortly after the bug was disclosed, prompting plugin to disable downloads until the updated version was released.
Source: https://threatpost.com/exploits-social-warfare-wordpress/144051/