Attacks started around three weeks ago and are still going on. Users should update the WP GDPR Compliance plugin to version 1.4.3 to protect their sites.
Article Link: https://www.zdnet.com/article/zero-day-in-popular-wordpress-plugin-exploited-in-the-wild-to-take-over-sites/#ftag=RSSbaffb68