"About an hour ago a researcher from the Netherlands disclosed multiple serious vulnerabilities in the InfiniteWP Admin Panel. This panel is used to manage multiple WordPress sites and appears to be used by over 300,000 customers. The vulnerabilities include SQL injection and remote file upload vulnerabilities.
InfiniteWP was notified by the researcher and has released two fixes, the most recent of which was released yesterday. However the researcher went ahead and disclosed the vulnerabilities an hour ago on two security lists, which has given very little time for customers to upgrade.
So we're sending this urgent security alert to let any InfiniteWP Admin Panel customers know that they need to upgrade immediately to avoid having the sites they manage with this product exploited. "
Please see their blog post for further details and if you are using this Wordpress plugin please update it immediately.
PAC Web Hosting
Wednesday, December 10, 2014