This is one that was announced by the company discussed in Big Trouble In Plugin Land. They dropped details and proof-of-concept exploit for a critical flaw in a widely-used WordPress plugin.
No fix is available, and the plugin has been pulled from the WordPress repository. (But that doesn’t help anyone who already has it installed and is dependent on its features.)