An unpatched vulnerability in the Rich Reviews plugin for WordPress is putting an estimated 16,000 sites in danger of stored cross-site scripting (XSS) attacks. The vulnerability is not a zero-day; the plugin's developers are aware of it, researchers said. However, so far there’s no fix. To protect themselves, users should remove the plugin from their sites for now. The developers have released a statement: We've been working on an overall rewrite of this plugin for a while now, but someone out there apparently wanted us to work faster on it, and decided to exploit our plugin
Source: https://threatpost.com/unpatched-bug-wordpress-xss/148656/

