The Adning Advertising plugin for WordPress, a premium plugin with over 8,000 customers, contains a critical remote code-execution vulnerability with the potential to be exploited by unauthenticated attackers. The plugin s author, Tunafish, has rolled out a patched version (v.1.5.6), which site owners should update to as soon as possible. The bug could allow complete site takeover, earning it a 10 out of 10 on the CVSS bug-severity scale.
Source: https://threatpost.com/advertising-plugin-wordpress-full-site-takeovers/157283/