Attackers target new XSS in millions of WordPress sites

Dirty hole in default plugins

Sucuri researcher David Dede has uncovered a critical cross-site scripting (XSS) vulnerability in a default WordPress plugin that allows attackers to hijack websites."