Thousands of WordPress websites were impacted by three remote code execution vulnerabilities that were identified in the PHP Everywhere plugin, the Wordfence team at WordPress security company Defiant warns.