
Virally growing attacks on unpatched WordPress sites affects ~2m pages - geerlingguy
https://arstechnica.com/security/2017/02/virally-growing-attacks-on-unpatched-wordpress-sites-affects-2m-pages/
======
geerlingguy

        So far, the vulnerable sites under these new attacks are those
        running WordPress plugins such as Insert PHP and Exec-PHP, which
        allow visitors to customize posts by inserting PHP-based code
        directly into them.
    

This is never a good idea. Don't allow your content admins to add executable
code to a CMS!

~~~
technologyvault
I'd guess that it was hackers who would even think about creating those
plugins in the first place.

