According to the report released by the researchers at Sucuri, vulnerable plugins and extensions “account for far more website compromises than out-of-date, core CMS files”.