By: WordPress Security – More On Themes And Plugins (ActiveBlogging)

[…] talks about care in downloading themes, explaining how one was hacked. Digging into the malicious code chunk myself, I found that the code goes out and loads a file from one of three sites (logging the visit as well, by the way). Once loaded, the code can be either displayed on the blog, or actually executed. […]