If legitimate plugins purchased from known sites are vulnerable, you can imagine the hazards that come with obtaining a pirate copy from a rogue site for free. In fact, nothing is truly free. These sites ensnare website operators with pirate copies so they can compromise site users' machines for theft or fraud. The security and privacy risks with legitimate plugins are high since too many have not been designed with strong defenses. The most potent defense for today's site owners is to stay far left of any breaches by maintaining a mindset that anticipates risks at every turn. Carefully vet what is allowed to run on a website and continually monitor that site. Anything out of the ordinary will harm users or erode user experience. Either way, the business' reputation and revenues will take a hit.  Read Less