According to media reporting, cybercriminals have recently found and exploited a vulnerability in the popular WordPress plugin WP GDPR Compliance. The vulnerability allowed the malicious actors to access WordPress sites and install backdoor scripts.
The vulnerability has now been patched, but according to reports, there are still many WordPress based sites using the non-patched version.
The motivation behind this compromise is not yet clear, but it is likely the hackers intended to use the backdoor as a means of harvesting user credentials which they could monetise at a later date.
If you have a WordPress site, ensure that it is patched by downloading the latest version.