Hackers are actively exploiting a recently fixed vulnerability in the WordPress Advanced Custom Fields plugin