WordPress Plugin Vulnerability in Async JavaScript <= 2.19.07.14
https://www.wordfence.comThe Async JavaScript WordPress plugin has 100,000+ active installations and can be used to control of which scripts to add an ‘async’ or ‘defer’ attribute to or to exclude to help increase the performance of your WordPress website. In version <= 2.19.07.14 and below, there is a vulnerability that allows hackers to injected a payload to execute malicious JavaScript when a WordPress administrator views certain areas of their dashboard. This is a common plugin SEO folks might use to improve performance, so best to check and update it ASAP.
The issue has been fixed in Version 2.20.02.27+ which is available now from the WordPress Plugin Repo.