I read today* about a vulnerability in Revolution Slider. This is a very popular plugin, and is bundled with the 2nd most popular theme on Theme Forest, X | The Theme.
*It took 3 months for the severity of this attack to go from discovery to me via a colleague. Probably partially due to the fact that I’m not on Twitter all the time, but I’m quite disappointed that Envato did not alert anyone who bought the plugin or one of the 1,197 themes with Revolution Slider embedded, warning them of this vulnerability.