As avid readers of this blog know, we’ve discovered or written about multiple vulnerabilities within the WordPress ecosystem over the last couple of weeks specifically relating to popular plugins. MailPoet and Custom Contact Forms drove the bulk of the engagement, but those using WPTouch, TimThumb and vBulletin were also made aware of vulnerabilities.
If it seems like most of the problems occur with plugins, it’s because it’s the truth. In fact, it’s not just restricted to Plugins, but includes Themes and any number of other extensions or services that a website might make use of. This actually applies beyond the realm of WordPress and is something that all website owners should be mindful of.