WordPress sites are being hacked to install malicious plugins that display fake software updates and errors to push information-stealing malware. […]
from https://www.bleepingcomputer.com/news/security/over-6-000-wordpress-hacked-to-install-plugins-pushing-infostealers/