From en.secnews.gr
Cybercriminals are exploiting one vulnerability that allows execute code remotely. Vulnerability is known as CVE-2021-25094 and is located at Tatsu Builder plugin for WordPress, which is installed in thousands websites.
It is estimated that a large number are running a vulnerable version of the plugin, although there has been a patch since early April.