Security note for WordPress users

“It looks like sites which have not upgraded to 2.6.3 are being exploited in an interesting way whereby a hacker, probably using an automated script, is hacking into sites with the vulnerability and changing the settings of one of the dashboard modules to point to a different feed thereby encouraging people to go to a different site which is offering a dodgy upgrade.”

That was the response of Peter Westwood (one of the lead developers of popular blogging software provider WordPress) to news that some of its users with an outdated WordPress installation may be prompted to download a compromised version from a spoof website (wordpresZ.org).

It’s important that all customers verify the source, security and legitimacy of any software that they install on their Pipe Ten hosting accounts, and pay special attention when upgrading.
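As an added example (not from the original post or from WordPress), this Python check flags feed and download URLs whose host is not wordpress.org or a subdomain of it, which is the kind of redirected setting described above. The setting names and the trusted list are assumptions and the sample data is constructed; wordpresZ.org is the spoof domain named above.

```python
from urllib.parse import urlsplit

# Assumption: the only domain trusted for WordPress feeds and downloads.
TRUSTED_DOMAINS = {"wordpress.org"}


def is_trusted(url, trusted=TRUSTED_DOMAINS):
    """True only for http(s) URLs whose host is a trusted domain or a subdomain of one."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # excludes any user:password@ prefix and the port
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or not host:
        return False
    host = host.rstrip(".").lower()
    # Exact match or a dot-separated suffix match; a plain substring test
    # would accept look-alikes such as wordpress.org.example.net.
    return any(host == d or host.endswith("." + d) for d in trusted)


def audit(settings):
    """Return (setting, url) pairs whose URL is not on the trusted list."""
    return [(k, u) for k, u in sorted(settings.items()) if not is_trusted(u)]


# Constructed sample: hypothetical setting names mapped to the URLs they hold.
SAMPLE = {
    "news_widget.feed": "http://wordpress.org/development/feed/",
    "news_widget.link": "http://wordpresZ.org/",
    "planet_widget.feed": "http://planet.wordpress.org/feed/",
    "upgrade.link": "http://wordpress.org.example.net/latest.zip",
    "upgrade.mirror": "http://wordpress.org@example.net/latest.zip",
}

if __name__ == "__main__":
    for name, url in audit(SAMPLE):
        print(f"UNTRUSTED {name}: {url}")
```
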

Read more at The Register – Fake site punts Trojanised WordPress and additional analysis at the sources blog.
