Researchers discovered vulnerabilities that can allow for full site takeover in login and e-commerce add-ons for the popular website-building platform. Researchers have discovered three WordPress plug-ins with the same vulnerability that allows an attacker to update arbitrary site options on a vulnerable site and completely take it over. Exploiting the flaw does require some action from the site administrator, however, however. As of now, the flaw has been updated and the flaw patched, but the discovery of the bugs multiple occurrences reflects an ongoing issue.”]
Source: https://threatpost.com/plugins-vulnerability-84k-wordpress-sites/177654/