Zero-day vulnerability in WordPress YellowPencil Visual CSS Style Editor plugin actively exploited.