After security researchers discovered that the attack traffic for cross-site scripting vulnerabilities has increased 30 times recently, they urged WordPress administrators to ensure that all their plugins are updated to the latest version.
According to Ram Gall, a security researcher from Wordfence, the surge in malicious WordPress traffic has peaked in the past few weeks. On May 3, more than 500,000 personal site attacks were attempted more than 20 million times. In the past month, security vendors have detected attacks from 900,000 sites from 24,000 different IP addresses.
In this case, the most important thing is to keep using the latest plugins and deactivate and delete all plugins that have been deleted from the WordPress plugin repository. The vast majority of these attacks target vulnerabilities patched a few months or years ago.