Social Warfare plugin is urging users to update as soon as possible after it patched a vulnerability that was being exploited in the wild. The plugin, Social Warfare, lets users add social media sharing buttons to their websites. Wordfence said that the most recent version of the plugin (3.5.2) was plagued by a stored cross-site scripting vulnerability. Social Warfare has an active install base of over 70,000 sites and over 805,000 downloads. If users cannot update, developers recommended they disable the plugin.
Source: https://threatpost.com/wordpress-plugin-removed-after-zero-day-discovered/143051/