On July 4th, 2014 a vulnerability was discovered in the MailPoet Newsletters plugin for WordPress that allows code to be remotely injected into any sites that are running versions 2.6.7 or older.
Am I affected?
Thankfully, the developer of the MailPoet Newsletters plugin has released an update that resolves the security vulnerabilities. If you are running the latest version of MailPoet Newsletters which is currently version 2.6.8, you are NOT vulnerable. If you are running an older version of this plugin, you need to update immediately to prevent your site from becoming compromised.
What if I have become compromised?
We recommend to fully restore from any backups that you have previously made in the past to be safe, and update the MailPoet Newsletters plugin as soon as possible. If you do not have a backup that you can restore from, we recommend looking through your code for abnormalities.
How do I prevent this in the future?
There is no 100% way to avoid vulnerabilities, bit your best line of defense is to keep all plugins updated at all times which dramatically decreases your chances of running a vulnerable site.