There is no definite answer as each plugin, whether available in a repo or not, should be handled on its own merit. Also, who says that that plugin caused your site to get hacked, it might have being a loophole in another plugin or even your theme.
Just in general, one should avoid using plugins and themes that are not actively being maintained as it does have an increased security vulnerability
Related Posts:
- What security concerns should I have when setting FS_METHOD to “direct” in wp-config?
- I found this in a plugin. What does it do? is it dangerous?
- Disabled plugins are they security holes – rumor or reality?
- What could a hacker do with my wp-config.php
- How Can I Securely Implement a Password-less Login Feature?
- Security and .htaccess
- Why “Contact Form 7” doesn’t update PHPmailer library?
- Are there procedures to prevent malicious plugin updates?
- Does WordPress contain “default” anti-SQL injection code that responds with a 404 error?
- Why allow overriding crucial pluggable functions wp_verify_nonce and wp_create_nonce?
- Where should my plugin POST to?
- Security error WP 4.0 + WP phpBB Bridge [closed]
- Should I install plugins to my WordPress installation from web sites having in URL “nulled” or, “null”?
- Disabled plugins are security holes – rumor or reality?
- Should I use RIPS tool to test my themes and plugins?
- Prevent Brute Force Attack
- Why users disable the WordPress update?
- How many security plugins are too many? [closed]
- Will WordPress username displayed somewhere in the site?
- Upgrading WordPress 4.0 asks for FTP password
- Is revealing just the AUTH_KEY a security issue?
- How Restrict access to admin dashboard by specific static ip?
- When is it useful to use wp_verify_nonce
- Protecting against malicious code in WordPress plugin updates
- How to expire all wordpress user passwords instantly?
- How to limit WordPress pages during updates?
- rms_unique_wp_mu_pl_fl_nm.php
- Weird problems after recovery from security breach
- How can we deal with unmaintained plugins with vulnerabilities?
- Security issues with WP sites
- Security checking in meta_box save is reluctant?
- Escape when echoed
- Should you escape hardcoded URLs?
- Preventing BFA in WordPress without using a plugin
- How can I make uploaded images in the editor load with HTTPS?
- How to stop xmlrpc attacks without disabling component to allow JetPack to work in WordPress?
- WordPress filter that hook after each action/filter hook
- How to delete Passwrd Protected posts cookies when a user logged out from the site
- The safest way to automate WordPress backups
- wp_create_nonce function doesn’t work inside a plugin?
- Does WordPress validate inputs to all functions? (such as get_user_meta and insert_user_meta)
- Headers Content-Security-Policy CSP Major Issue
- How to block plugin activations with no known user or coming from unknown IP address range?
- Nonce failing on form submission
- Check for security updates
- Standard Fail2Ban vs. WP Fail2ban vs. WP Fail2Ban Redux
- Why can’t I access my Intranet LDAPS with NADI?
- Malicious File Upload [closed]
- Stop Plugin Enumeration [closed]
- Malware installation during plugin update?
- I should enable automatic updates?
- Can some vulnerabilities in plugins be exploited even when the plugin is inactive?
- Prevent direct access to WordPress plugin assets?
- Is it safe to use admin-ajax.php in the frontend?
- How to protect WordPress from security scanner [closed]
- Too many login attempts
- Is there any pre-existing plugin to track and block IPs with suspicious activity on my site?
- Website show Google Ads when we have no Google Ads linked to our website
- Vulnerability Concern From the Plugin or From Not Updating the Plugin?
- Custom API plugin to execute 3rd party API to retrieve data
- How to deal with Slow HTTP POST (slowloris) vulnerability
- Running multiple security plugins
- how do I secure my WP website from hackers? [closed]
- Chrome Dev Tools console says every page in my blog has link to http://maps.google.com [closed]
- Webservice credential storage [duplicate]
- Regarding plugin security
- How do I determine if the user who registered is not spam?
- Is this plugin safe to run?
- Is the Block Bad Queries Plugin Still Relevant?
- 404 errors when updating options in admin dashboard
- Hide plugins and theme from public
- Security of a WordPress Plugin
- How can I disable new plugin and theme install, but allow updates?
- Help to Create a Simple Plugin to make a post
- Validating ajax search
- WordPress disable direct access of files in WordPress installation path
- Asking help regarding potential malware
- prevent anonymous access to WordPress site (non-admin site)
- Bing/msn bots is heavily requesting random of my website
- Securing a plugin pop-up window
- Redux framework somehow added to my site, can’t locate in plugins
- Being hacked. Is there a list of WordPress security holes I can check against?
- wp_verify_nonce fails always
- How can i see/log all requests coming from a registration form (not from the UI)?
- Write mysql credentials in plugin
- Site is continuously accessing by several IPs
- using .htaccess only for wordpress security no plugins
- SWF in wordpress post
- Unwanted Links and Spam WordPress Pages and Posts
- Problem with permissions in wp-content/plugins
- File permissions for wp-minify plugin
- What is the recommended way to be notified of security updates to my plugins? [closed]
- My WP site and password was hacked, what to do? [closed]
- How to resolve these findings from security audit
- How to delete Password Protected posts cookies when a user logged out from the site
- Stop the user if login from the cookies
- WordPress User Registration/ Sign Up -> Able to take Paid Certification Courses & keep track of Completed Certificates
- Block Root REST API Route using custom &/or iThemes
- Secure way to add JS Script to WordPress filesystem
- How to verify/test that a custom built wordpress theme is as secure as possible?