The vulnerable Social Warfare plugin was removed from the WordPress plugin store and later added back after the development team issued a patch for the zero-day vulnerability. The vulnerability is especially dangerous because it allows remote, unauthenticated attackers to execute JavaScript code, stored in the database of WordPress websites that use the Social Warfare plugin, in the browsers of all website visitors. The plugin's developers told customers who could not update their installation immediately to disable the plugin on their WordPress-powered website and to re-enable it only after applying the v3.5.3 patch.
Source: https://www.bleepingcomputer.com/news/security/zero-day-wordpress-plugin-vulnerability-used-to-add-malicious-redirects/