A vulnerability in a commonly-used WordPress plugin has given hackers access to between 30,000 and 50,000 websites. The cybercriminals used the plugin to access servers and infect other non-WordPress sites as well.
MailPoet is a plugin that allows WordPress users to post newsletters and automatically generate notifications and responses on their site. The plugin has 1.7 million downloads. The newest version is 2.6.7 and is considered safe, so if you use this plugin, you need to update it immediately.
The injected malware installs a backdoor account that gives attackers full administrative control. It also injects backdoor code into all themes and core files. Making matters worse, the malicious code also overwrites valid files, a side effect that causes many sites to fall over and display the message: "Parse error: syntax error, unexpected ‘)’ in /home/user/public_html/site/wp-config.php on line 91."
WordPress users aren't the only ones who need to be on alert. Once the malware infects the server of a website with MailPoet, it tries to spread to other sites. Traces of the virus have been found on sites using Joomla and Magento.
If you think your website is affected, you need to contact your website service and your server host immediately.