7th May 2015
WordPress is a very popular target for attempts to compromise and attack web sites, and it comes as no real surprise that another attack is out.
Like many, it relies on people not changing or removing default items in WordPress that aren't needed - in this case the default "Twenty Fifteen" theme - which will be on every install unless you remove it (it isn't good enough to simply use a different theme!). Researchers from Securi also discovered the issue in the JetPack plugin - so it is likely that millions of Wordpress sites are in reality vulnerable.
To avoid the issue:
1) Remove the Twenty Fifteen theme entirely from your WordPress installation
2) If you have a genericcons/example.html file anywhere you've likely got the plugin - remove the example.html file.
If you're a customer having issues, please contact our Support Team.