I was informed by a colleague last month that a WordPress plugin: Simple 301 Redirects, had recently become the target & tool used to carry out mass website hacks over the last few months.
The plugin allows attackers to exploit a vulnerability in the plugin update feature that results in redirection control over the entire website.
Websites that are hacked can often find their content also filled with pornographic and malicious links that could potentially harm devices. Not fun if you’ve got hundreds of websites that use this plugin.
You can read more about it at NinTechNet