Another WordPress plugin injection vuln. The original supply chain vulnerability. (Well, no, but you can smell what I'm cooking right?)
Critical Flaws in WordPress Plugin Leave 10,000 Sites Vulnerable
https://www.infosecurity-magazine.com/news/flaws-wordpress-plugin-expose/