/Shouts Out to Richard Clifford
I just want to say thanks to Richard Clifford. He sent me an email to say he noticed one of our WordPress plugins had an XSS vuln. Interestingly enough, he wrote the exploit for it — http://packetstormsecurity.com/files/123490/WordPress-Semper-Fi-Cross-Site-Scripting.html. Thanks for the heads-up, Richard!
I’m grepping the logs now :]
Update: There was no abuse in the logs. Our WordPress and all plugins have been upgraded to latest.