On July 4th, 2014, a vulnerability was discovered in the MailPoet Newsletters plugin for WordPress that allows code to be injected remotely into any site running version 2.6.7 or older.
Am I affected?
The MailPoet Newsletters plugin developer is aware of the vulnerability and has provided a fix in the most recent version, 2.3.8. If you are running MailPoet Newsletters version 2.3.7 or earlier, you will need to update your plugin immediately.
What if I have become compromised?
If you have been compromised, we recommend that you restore from your backups as soon as possible and update the MailPoet Newsletters plugin immediately after the restoration. If you are unable to restore from a backup, be sure to check through your code for any issues and update the plugin to version 2.6.8 as soon as possible.
How do I prevent this in the future?
The best line of defense against security issues is to keep your WordPress installation and plugins up to date at all times.