Again Word Press:
https://wordpress.org/news/2017/05/wordpress-4-7-5/This CMS will always be a disaster in the hands of those that do not know what to do and how to configure Word Press properly.
Many sites are very easily being compromised that way or can be infested any minute.
Look what could be wrong with a Word Press website here:
https://hackertarget.com/wordpress-security-scan/Eddy here and little old me also often meet: old software versions, old plug-in and vulnerable themes, outdated plug-ins or left code even. User Enumeration & Directory Listing enabled, iFrame issues, cloaking, not sticking to the so-called same origin rule, none or not the right security headers generated, no sri-hashes being generated and lots of other insecurity.
So there are a lot of websites with bad CMS with vulnerable jQuery libraries. One could scan here:
https://aw-snap.info/file-viewer/Redleg alerts for many issues. I have been posting about these issues so many times now, and gave at these forums so many scanner examples in the "virus and worms", but I fear again it will be pearls for the swines and not much improvement will be seen and website admins and many hosters will never come to pick up "best practices". The main Internet Infrastructure is a very dangerous place, folks.
polonus