The open-source WordPress blog and content management system (CMS) software is widely deployed and is increasingly being targeted by attackers too.
The root cause of a WordPress vulnerability more often than not is an exploitable plug-in, which is what’s going on now with the MailPoet WordPress plug-in. Security researcher Daniel Cid of security firm Sucuri is reporting that a vulnerable MailPoet plug-in is the entry point for malware that is infecting even sites that don’t have MailPoet installed.