A WordPress plugin with over 70,000 installations was found to have a zero-day vulnerability that was exploited in the wild. The plugin, “Social Warfare,” was open to attacks through use of a stored Cross-Site Scripting (XSS) vulnerability. The flaw would allow attackers to inject malicious JavaScript code into the social share links present on a site’s posts. The Social Warfare plugin is one of the most popular WordPress social media sharing plugins and has more than 805,000 downloads.”]