A file upload vulnerability in the OptimizePress theme allowed attackers to infect thousands of Wordpress websites, reports Sucuri.
The vulnerability in question is at "lib/admin/media-upload.php" location that allows anyone to upload any kind of files to the "wp-content/uploads/optpress/images_comingsoon" folder.
Sucuri Team has detected that more than 2,000 websites using the Optimizepress theme have been compromised. All of the compromised sites have been injected with iFrame to same malicious domain.
Almost 75% infected websites have already been blacklisted in Google Safe browsing.
If you are using the above theme, you are urged to immediately upgrade to the latest version. Otherwise, you will soon find yourself victim to malware infection.