A privilege escalation vulnerability in the Yellow Pencil Visual Theme Customizer plugin exposes WordPress websites to hack. Experts at security firm Wordfence observed a high volume of attempts to exploit the vulnerability after a security researcher publicly disclosed this week proof of concept (POC) for a set of two software vulnerabilities affecting the plugin. “On Tuesday a security researcher made the irresponsible and dangerous decision to publish a blog post including a proof of concept (POC) detailing how to exploit a set of two software vulnerabilities present in the plugin.” reads the blog post published by Wordfence. The exploits very closely resemble the POC posted by the irresponsible researcher.” The experts said the privilege-escalation vulnerability exists in the yellow-pencil.php file. Experts found similarities with other campaigns recently observed by the security experts, like the attacks that attempted to exploit vulnerabilities the Social Warfare, Easy WP SMTP and Yuzo Related Posts plugins.