A trio of critical zero-day vulnerabilities in WordPress plugins has exposed 160,000 websites to attacks after a security researcher publicly disclosed the flaws before patches were made available.
The Yuzo Related Posts and Yellow Pencil Visual Theme Customizer WordPress plugins that are used by 60,000 and 30,000 websites respectively came under attack once flaws in their code were revealed publicly online.
When the zero-day posts were published, both plugins were removed from the WordPress plugin repository which led websites to remove the plugins or risk being attacked themselves.
Yellow Pencil issued a patch three days after the vulnerability was disclosed but the Yuzo Related Posts plugin remains closed as no patch was developed for it.
WordPress at 15 - Inside the web's most popular hosting service
It's a jungle out there: Don't leave your WordPress sites in the wild