Plug-ins and themes can add functionality to web services but they also offer an opportunity for malware authors. Fox-IT published a whitepaper that describes how this threat is being seen with themes and plug-ins for popular web server software. The malicious add-ins are creating backdoors for black hat search engine optimization.
Read more here:
http://www.securityweek.com/backdoored-cms-plugins-used-hijack-web-servers