Wordfence detailed a vulnerability in the Social Warfare plugin, and discussed the attack campaigns against it. These issues were reported widely as Cross Site Scripting (XSS) flaws, due to an unexpected disclosure and proof of concept released by an unnamed researcher. Attackers have issued persistent exploit attempts against this flaw, which are primarily connected to injected JavaScript redirect activity.
