It has emerged over the last few days that the MailPoet Newsletters plugin contains a critical vulnerability that allows an attacker to upload malicious files to the server and take control of the site.
It is estimated that up to 50,000 WordPress sites have been infected so far.
This issue has been fixed in version 2.6.7 of the plugin, which was released on the 1st of July.
With this plugin having been downloaded almost 2 million times, the potential for widespread infection is huge.
The vulnerability allows the attacker to create an additional admin user and to inject backdoor code into the site's theme files. It appears the attackers have since changed their payload so that it injects itself into existing files rather than dropping new ones, which makes it much harder to detect and clean out. Most infected sites also keep working normally, so many owners will have no idea their site has been compromised.
If you are using this plugin, we recommend you run a full security scan and make sure you are using the latest version of the plugin (version 2.6.8 at the time of writing). Note that updating only closes the upload hole: it does not remove a backdoor or a rogue admin account that is already in place, so a site that was exposed while running a vulnerable version still needs to be checked and cleaned.
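Because the later payload injects itself into files that already exist, a file-by-file comparison against a known-clean copy is the most reliable way to find it. The script below is an added example, not code from the original post or from the MailPoet project. It assumes you have a clean off-server backup of the site and the live copy available as two directories, compares the SHA-256 of every PHP file, and then greps the changed or newly added files for generic PHP backdoor indicators (the `eval(base64_decode(...))` style markers are generic, not a signature of the MailPoet payload). `make_fixture` builds constructed sample directories so the script can be tried offline; `sha256sum` (coreutils) or `shasum` is assumed to be present.

```shell
#!/bin/sh
# Added example: diff a live WordPress tree against a clean backup and flag
# changed/added PHP files that carry common backdoor markers.
# Usage: sh scan.sh CLEAN_BACKUP_DIR LIVE_SITE_DIR
export LC_ALL=C   # stable byte-order sorting so comm(1) sees sorted input

# SHA-256 of stdin, hash only. Assumes coreutils sha256sum or perl shasum.
digest() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum; else shasum -a 256; fi \
    | cut -d' ' -f1
}

# Print "relative-path hash" for every .php file under a root, sorted.
# (Paths containing spaces are not handled; fine for a stock WordPress tree.)
hash_tree() {
  (cd "$1" && find . -type f -name '*.php' | while IFS= read -r p; do
     printf '%s %s\n' "$p" "$(digest < "$p")"
   done | sort)
}

# Relative paths of PHP files whose content differs from the clean backup,
# including files that exist only in the live copy (dropped by an attacker).
changed_php_files() {
  tc=$(mktemp); tl=$(mktemp)
  hash_tree "$1" > "$tc"
  hash_tree "$2" > "$tl"
  comm -13 "$tc" "$tl" | cut -d' ' -f1   # lines present only in live
  rm -f "$tc" "$tl"
}

# True if the file contains generic obfuscation/execution markers. These are
# common webshell indicators, not a signature of the MailPoet payload.
has_markers() {
  grep -qE 'eval *\(|base64_decode *\(|gzinflate *\(|str_rot13 *\(|preg_replace *\(.*/e' "$1"
}

# One line per changed file: SUSPICIOUS (markers found) or CHANGED (review it).
scan_site() {
  clean=$1; live=$2
  changed_php_files "$clean" "$live" | while IFS= read -r f; do
    if has_markers "$live/$f"; then
      printf 'SUSPICIOUS %s\n' "$f"
    else
      printf 'CHANGED    %s\n' "$f"
    fi
  done
}

# Number of changed files that carry markers (handy for a cron alert).
count_suspicious() {
  scan_site "$1" "$2" | grep -c '^SUSPICIOUS'
}

# Build constructed sample trees: a clean backup and a live copy in which one
# theme file was edited legitimately, one had a backdoor appended, and one
# PHP file was dropped into the uploads directory. Prints the base directory.
make_fixture() {
  base=$(mktemp -d)
  for d in clean live; do
    t="$base/$d/wp-content/themes/twentyfourteen"
    mkdir -p "$t"
    printf '<?php\n// constructed sample theme file\nget_header();\n' > "$t/index.php"
    printf '<?php\n// constructed sample functions file\nadd_theme_support("post-thumbnails");\n' > "$t/functions.php"
  done
  live="$base/live/wp-content"
  printf '// site owner tweak, no markers\n' >> "$live/themes/twentyfourteen/index.php"
  printf '<?php if(isset($_POST["c"])){eval(base64_decode($_POST["c"]));} ?>\n' \
    >> "$live/themes/twentyfourteen/functions.php"
  mkdir -p "$live/uploads"
  printf '<?php echo gzinflate(base64_decode("constructed"));\n' > "$live/uploads/x.php"
  echo "$base"
}

# Run the scan only when called with two directories (e.g. sh scan.sh clean live).
if [ $# -eq 2 ]; then
  scan_site "$1" "$2"
fi
```

Treat every CHANGED line as something to diff by hand, not just the SUSPICIOUS ones, since a backdoor does not have to use obfuscation. Run the same comparison over the plugins directory and wp-includes, and check for the rogue account the post mentions with `wp user list --role=administrator` (WP-CLI) or directly in the `wp_users` table, as a file scan will not show it.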
Once again this highlights the need for a proper maintenance strategy for your WordPress site, and for regular off-server backups, which can save you hours of trying to clean an infected install.