Third party web applications + privilege escalation

Vulnerabilities of this severity should certainly be fixed faster, particularly for shared web hosts or VPSs with more than one site. Users will often install a web application such as WordPress or Joomla, which itself enables installation via a web console of third party plugins/extensions that often have security holes, and neither the web app or the plugins are systematically kept up to date by many people. Many users of these apps know nothing about Linux, installing the app via a control panel and the plugins via the app.

The result is that a single web app on a shared server with a single vulnerable plugin can result in the whole server being compromised.