Bug in WordPress plugin can let hackers wipe up to 200,000 sites

Same bug can also let attackers gain access to the admin account.