Sucuri, an online firm that offers website scanning, monitoring, and malware removal services, has recently found a serious security vulnerability in the MailPoet WordPress plugin. This plugin helps users create newsletters, post notifications and auto-responders and has a record of over 1.7 million downloads. Therefore, the impact is HUGE over the internet. The good news is that this vulnerability has been patched. If you run your WordPress website with this plugin, please update the plugin to 2.6.7 version ASAP.
What Exactly is the Problem?
The bug allows for any PHP file to be uploaded. What that means is the vulnerability can allow an attacker to use your website for phishing lures, sending SPAM, host malware, and much more. You can read the details about this security bug by visiting the Sucuri blog article.
Once again, update the plugin ASAP. In fact, you should always keep your WordPress version and all plugins up-to-date in order to keep your sites secured.