First Forbes and others reported that the Drupalgeddon security issue in an old version of the popular Drupal CMS was a cause for the Mossack Fonseca information leak causing the massive information leak on tax evation via offshore companies.
Now WordFence is reporting that they have also found WordPress has a vulnerable plugin which as been exploited in the largest leak of confidential information to date:
The Mossack Fonseca website runs WordPress and is currently running a version of Revolution Slider that is vulnerable to attack and will grant a remote attacker a shell on the web server. It is now certainly been proven that maintaining your open source software is equally (in not even more so) important than that of closed source ones. An open door is an invitation.