From Wordfence Security comes this alert regarding some WordPress plugins. Check to see if you're using any of them and take the appropriate action to secure your sites.

We are now seeing exploits for the following vulnerabilities in the wild. If you use a plugin in this list, please upgrade to the newest version, or if the problem exists in the current version, contact the developer for guidance.

BuddyPress 1.9.1 has two separate vulnerabilities including a privilege escalation vulnerability and a an XSS vulnerability both disclosed publicly on Feb 13th, 2014 by Pietro Oliva. BuddyPress released a fix on Feb 5th which is BP version 1.9.2. We're now seeing widespread distribution of exploits in the wild for these vulnerabilities so please make sure you've upgraded.

Better WP Security suffers from an XSS vulnerability in 3.6.3 and possible earlier versions. Upgrade immediately to 3.6.5. More on their blog. We're seeing exploits in the wild for this.

VideoWhisper 4.27.3 - Multiple Vulnerabilities including unrestricted Upload of File with Dangerous Type, Cross-Site Scripting, Path Traversal, Information Exposure Through Externally-Generated Error Message. A fix was released 8 weeks ago and we're seeing exploits in the wild. Upgrade to 4.29.6 which is the newest version.

WP Cron Dashboard 1.1.5 which is the current version (and has not been updated in 2 years) has a confirmed XSS vulnerability. Please remove the plugin or contact the developer for guidance. More details on the National Cyber Awareness System.

Acunetix WP Security Make Backup 4.0.3 may have a CSRF Vulnerability according to a post on PacketStorm which may be usable in a complex attack. This is the current version. Please contact the developer for guidance.