Second major Wordpress vulnerability uncovered this month
Wordpress is huge - it's used to power a significant portion of the websites on the internet - so when a vulnerability is discovered it's rightly big news. Earlier this month it was discovered that a botnet was being built using Wordpress installations that had been brute-force hacked and sysadmins and bloggers the world over rushed to update their login details with the hope that they'd protect themselves from being compromised.
Now, two popular Wordpress plugins have tripped up and this time the hack is far more worrying - instead of a chance that a site could be forced open, this hack did most of the hard work and would allow the attacker the ability to run any PHP code they want on the vulnerable site server. The plugins in question are WP Super Cache and W3TC - two caching solutions that are intended to make Wordpress-powered sites faster.
Both plugins have since been updated to remove this vulnerability so if you run a Wordpress blog using one of them make sure you update as soon as you can.
More info can be found here.