If you have not updated your WordPress plugins for some time, then do it now. At least 50,000 users , had not done this and their websites got hacked because of a serious flaw in MailPoet plugin.The particularly nasty thing about this malware is that it attacks both wordpress and non-wordpress sites very effectively.
This serious flaw was found by Sucuri Mr. Marc-Alexandre, a researcher at the website security company Sucuri who later sent it to the developers of MailPoet WordPress plugin.
The word press developers have made a serious mistake in developing this plugin, which has made more than 1,7 million websites vulnerable to cyber attacks. MailPoet wordpress plugin is a popular plugin which is used for sending newsletters, Post notifications and auto-responders to subscribers/registered users. The current vulnerability in MailPoet plugin corrupts many wordpress files, resulting in complicated PHP error messages on users websites.
There is a Patch (A critical security update): Version 2.6.7 available for download to remove this securtity vulnerability and prevent it from spreading further. All the versions which are below 2.6.7 are weak and can be attacked. So If you are using this plugin MailPoet on your WordPress site and have not yet updated it, then I strongly advise you to catch up on this as soon as possible and don’t leave any backdoor open for hackers. Also use the special wordpress security plugin for more security of your website but never forget to read the user’s reviews first about the plugin you want to install before going any further.
The developers of MailPoet Plugin have published a guide on their site which will help you recover your site if it got hacked. Here is the link:
You can download the Critical Security Update for MailPoet WordPress Plugin Vulnerability Here.