Last night the web site for the WordPress Multilingual plugin (WPML) WordPress plugin was hacked and users of the plugin started receiving receiving emails stating that the plugin is filled with vulnerabilities. According to WPML, this was caused by a ex-employee who left a backdoor in their site. The plugin allows you to add multilingual support to WordPress and according to their site is used by 600,000 users. The hacker also hacked the site to include “Security Holes”” as a feature of the product on its purchase page.”
Source: https://www.bleepingcomputer.com/news/security/ex-employee-hacks-wpml-wordpress-plugin-site-and-spams-users/