Malicious actors are actively exploiting a DOM-based cross-site scripting (XSS) vulnerability that could potentially affect a large number of WordPress plugins and themes, Sucuri has warned.