A popular WordPress plugin that allows site owners to easily customize the contact form has a critical vulnerability that can be exploited to download and remotely modify the site's database, and gain access and control of the site - no account or authentication needed.
WordPress users who also use the MailPoet plugin are urged to update it as soon as possible, as all versions but the latest one are plagued with a critical flaw that could allow attackers to remotely upload any file on their vulnerable website.
The developers of Jetpack, one of the most widely used WordPress plugins, are urging users to download and implement the latests versions that fix a critical security bug.
WordPress 3.8.2 is now available. This is an important security release for all previous versions and you should update immediately.
If you run a WordPress site, and are trying to make some money through it, think twice before installing "free" versions of premium plugins.