WordPress Plugin Vulnerability
I started getting alerts from clients and so I needed to make you aware of something going on that likely does not affect you, but might.
There is an old plugin, called WP-PhpMyAdmin, that has been unsupported by its developer for several years, that has been removed from the WordPress repository because it contains files that can expose your site to hacking.
This was done some time ago – but now someone is again badly exploiting the security hole and we’re seeing infected sites again.
This plugin should be used under NO circumstance.
If you have a brand new site its unlikely you are using it unless you (or your tech person) installed from an old backup. However please check your site real quick for the presence of this as it exposes your database (and all logins) to the outside world.
Your Partner In Online Success
PS: This site is now running the pre-release (RC1) version of WordPress 3.2. Though the ongoing #500 errors are not related, I’d appreciate any other bugs reported directly or reported to me. Please remember I beta test extensively and your bug reports help me ensure that a stable release is available to you when it goes live.