Researchers discovered vulnerabilities that can allow for full site takeover in login and e-commerce add-ons for the popular website-building platform.
Researchers have discovered three WordPress plug-ins with the same vulnerability that allows an attacker to update arbitrary site options on a vulnerable site and completely take it over. Exploiting the flaw does require some action from the site administrator, however.
Ref:https://threatpost.com/plugins-vulnerability-84k-wordpress-sites/177654/
