Three WordPress plugins 0day vulnerabilities uncovered, thousands compromised

The more moving parts a website has, the more potential vulnearbilities and entry points it may have, also. This is particularly true with WordPress, whose platform revolves, in good measure, around different plugins. Each plugin is a potential disaster waiting to happen, and the bigger the userbase of a specific plugin, the bigger the headline once it hits the fan. That puts enormous pressure on plugin developers to keep their products secure and up-to-date, as well as webmasters to make sure they update their platform regularly. On the other hand, security researchers that discover vulnerabilities, usually do the honourable thing – they notify the developers of any discovered vulnearbility and keep their mouths shut until a patch is released. Only then do they usually announce their findings and pick up the royalties. Not this person, however. Today's 'hero of the day' is an individual that publicly disclosed three 0day vulnerabilities in different WordPress plugins, exposing some 160,000 websites to hacking attempts, before notifying the plugins' respective owners.