If you’re a user of All In One SEO pack, there is a reported vulnerability (via WordFence) that “allows authenticated users with contributor level access or above … to inject malicious scripts that would be executed if a victim accessed the wp-admin panel’s ‘all posts’ page.”
A patch addressing this vulnerability has been released, so make sure you are using the latest version of the plugin. 🔒
