Three popular WordPress plugins were playing host to malicious code for 24 hours. The plugins include WPtouch, AddThis and W3 Total Cache. WordPress creator Auttomatic initiated a systemwide reset for WordPress.org, forcing all users to change their password. The company locked out changes to other plugins while it checked the integrity of their code. The incident says less about the security of open-source code and more about whether administrators should question whether they should immediately apply downloads, a security expert says.”]
Source: https://www.csoonline.com/article/2128876/wordpress-warns-server-admins-of-trojans.html