The flaw, found in the Hashthemes Demo Importer plugin, allows any authenticated user to exsanguinate a vulnerable site, deleting nearly all database content and uploaded media.
https://threatpost.com/wordpress-plugin-bug-wipe-sites/175826/
QNAP is warning clients that a recently disclosed vulnerability affects most of its NAS devices, with no mitigation available while the vendor readies a patch.
https://threatpost.com/qnap-customers-adrift-fix-openssl-bug/179197/