One of the files is called class-social-facebook.php, suggesting it would block any potential unwanted Facebook spam. Instead, it was designed to list all of the active plugins within the WordPress installation, including security ones, and then disable all of them.
Read full news article on SecurityWeek