A report released today by phishing protection company SlashNext Inc. warns of a dangerous new WordPress plugin that is being used by cybercriminals to turn legitimate websites into phishing traps.