Yet another vulnerability has been discovered for a WordPress plugin. The vulnerability that was located potentially gave the attacker the ability to access and modify not only that specific website's source code but also be able to infect every site on the server!
3B Data Security are finding increasingly more successful attacks being achieved through third-party plugins.
If you own a system that has been compromised through third-party plugins. Do not think that because you have outsourced the website functionality to another company, that you are by default safe and no longer at risk. If you are running an eCommerce website that gets breached because of a specific plugin, you as an entity may still have to have a PFI investigation and face fines. It is important to remember that if you have agreed to use third-party code you are responsible for any vulnerabilities it may bring to the environment.
Critical Wordpress plugin bug lets hackers take over hosting account