Feb 28, 2017, 11:35 AM
Stories like this are entirely too common:
Researchers Find "Severe" flaw in WordPress plugin with 1 million installs
The vulnerability stems from a "severe" SQL injection bug in NextGEN Gallery, a WordPress plugin with more than 1 million installations. Until the flaw was recently fixed, NextGEN Gallery allowed input from untrusted visitors to be included in WordPress-prepared SQL queries. Under certain conditions, attackers can exploit the weakness to pipe powerful commands to a Web server's backend database.
The inherent problem with having one platform serve as both your authoring tool and your publishing platform is that any vulnerability in the publishing side exposes your authoring tools to the world: the same code that serves anonymous visitors also holds the write path into your content. This is one of the primary reasons SwiftBlog maintains strict separation between authoring and publishing.