WordFence announced that Brad Haas, of their Senior Security Analysts, , recently discovered a zero-day vulnerability in the Ultimate Form Builder Lite WordPress plugin being exploited in the wild. WprdFence immediately deployed a new firewall rule, so Premium WordFence clients are now protected since the security vulnerablilty was discovered. The author has also released a fix. WordPress sites running the Ultimate Form Builder Lite plugin who are don't have the WordFence Premium plugin should update immediately to ensure protection.