WordPress is an excellent website for websites, but it does seem to be troubled by vulnerabilities.
According to Threatpost, this vulnerability in the MailPoet plug-in could allow an attacker to take over any site running it without authentication. The plug-in allows developers running WordPress to send newsletters and manage subscribers within the content management system and has nearly two million downloads to date.
However the serious vulnerability could apparently allow an attacker to upload any file remotely to a site using the plugin, including PHP. Every version of MailPoet is vulnerable except for the most recent version, 2.6.7, released Tuesday and users are urged to update it as soon as possible.