WordPress hacked it was OptimizePress TWICE

UPDATE – ANOTHER HACK !!!!! Started January 2013

And this Time I used the most current version of OP!!!

This folder was infected:

wordpress/wp-content/uploads/optpress/images_comingsoon

File:

2013012216-23-06filem.php

and in April:

wordpress/wp-includes

File

wp-RbLO9K.php

You want your blog get hacked? Infiltrated? Use Optimizepress and get it hacked!

OptimizesPress is a security risk!

Sadly I only found out, when I completely scanned my harddrive with avast.. and my old backups

Even the crapshit clamAV never found anything.

Now I have to check my installation, see what is messed up…

Dont come with „use the latest blabla“. I USED the latest version!!!

old———– 2011

Hi,

one of my smaller blogs got hacked on friday the 25th.

2 files got infected, I cant say if the database is infected (just restored a 1 week old backup to be save).

I found 2 files infected (so far.. )

config.inc.php
version.php

I did some research and found out: it was OptimizePress!

It was OptimizePress that allowed my wordpress blog to be hacked!

They offer a german (old) 1.43 version, that hat the faulty timthumb exploit. I used it on my german squeeze page and got hacked…

A few days ago, they released 1.45 in german..

I checked other languages, like french an spanish, the offer the insecure 1.43 in those languages.

THATS BAD!

This exploit is 4 months old, and they do nothing to secure their customers!

And the secure 1.45 was released just a few days ago.. Thats about 4 months of unsecure wordpress template!

French, russian, spanish? DONT USE IT!

So? How can this be?