The popular MailPoet (wysija-newsletters) WordPress plugin had a serious file upload vulnerability a few months back, allowing an attacker to upload files to the vulnerable site.
This issue was disclosed months ago, and the MailPoet team patched it promptly. It seems, though, that many are still not getting the word, or are blatantly not updating, because we are seeing another string of mass exploitation attempts against WordPress websites. Those that are not updating or have not updated are getting infected repeatedly via this vector. The issue is further compounded because the attackers are using it as a springboard into the rest of their account, further compromising their entire account.
More here: http://blog.sucuri.net/2014/10/wordpress-websites-continue-to-get-hacked-via-mailpoet-plugin-vulnerability.html