A popular WordPress theme plugin that’s installed on some 200,000 websites has been found to contain a serious vulnerability that, if abused, could allow remote attackers to wipe the sites and gain admin access to them.