www.zdnet.com/article/thousands-of-wordpress-sites-backdoored-with-malicious-code/
So, if you have a site with old plugins needing an update or have plugins with no updates because they are unmaintained - well, you are vulnerable. Fix it.
This should not be news other than no notify sites (I hope not mine) that there are issues. I'm not clear on what the author recommends end users do to deal with such shocking news.
Also on: