Yesterday we looked at what happened when a popular plugin, Display Widgets, was purchased by someone (or someones) with malicious intent and people on the WordPress side of things handle things poorly. In a link included in one of the comments on that post we found another piece of the what happened that makes WordPress’ handling of this seem worse,
Source: Security Feed