WordPress is an extremely popular blogging platform that makes extensibility easy through thousands of third-party plug-ins. Now one of those plug-ins, called MailPoet (link), is causing issues for thousands of sites (some estimate the number to be between 50,000-100,000).
A MailPoet vulnerability has been discovered and exploited in the wild that allows attackers to inject malware, spam or defacement webpages into any site running the vulnerable plug-in without authenticating.
CEO of Sucuri, a security research firm, has seen a huge spike in sites being compromised by cybercriminals to install and deploy backdoors. (link)