A self-proclaimed security provider who publicly disclosed flaws before patches were available played a key role in the debacle. Over the past three weeks, a trio of critical zeroday vulnerabilities in WordPress plugins have exposed 160,000 websites to attacks that allow criminal hackers to redirect unwitting visitors to malicious destinations. In-the-wild exploits against Social Warfare, a plugin used by 70,000 sites, started three weeks ago. Some of the code used in the attacks appeared to have been copied and pasted from the vulnerability posts.”]