Administrators or site owners are advised to update the following WordPress plug-ins to the latest versions as all associated vulnerabilities are under active exploit and could provide scammers with the ability to hijack sites:
- Duplicator
- Profile Builder Plug-In
- Themegrill Demo Plug-In
- Flexible Checkout Fields for WooCommerce
- Async, JavaScript
- 10Web Map Builder for Google Maps
- Modern Events Calendar Lite
Additionally, the plug-in ThemeRexAddons, which is pre-installed with all ThemeRex commercial themes is under active exploit, and a patch is unavailable. Users are advised to remove this plug-in from their sites asap.