WordPress Plugin Bug Opens 100K Websites to Compromise

Legions of website visitors could be infected with drive-by malware, among other issues, thanks to a CSRF bug in Real-Time Search and Replace. Via Vulnerabilities – Threatpost https://threatpost.com