Last night a user in Amsterdam (Audit Trail plugin) managed to log in as the admin and alter the most recent post. All they did was insert a lot of "6" characters inside a font tag with a style that was supposed to hide all the sixes, but didn't.
I had what I thought was a moderately secure password: 8 characters long, only one properly spelled word in it, and one non-alphanumeric character.
I'm not really asking for help, just posting in case it happens to others, leaving a trail for reference. I'm keeping an eye on it. Had been hacked twice in the last month with 2.3.1, so I relented and upgraded. Learned my lesson! Here's the list and version of plugins I had installed when the 2.3.3 post was altered. I went and got the latest versions when I went to 2.3.3.
Admin Supermenu 0.1
Akismet 2.1.3
Audit Trail 1.0.8
Flexible upload 1.9
Get-a-Post R1.4
Markdown 1.0.1k
Post Image R1.1.1
Preview Frame 1.2
Preview Theme 1.0
Simple Recent Comments 0.1.2
the_excerpt Reloaded R1
Top Posts By Category 1.0
Userextra 0.3
Usermeta 0.4
WordPress.com Stats 1.1.1
WordPress Database Backup 2.1.5
Zap_NewWindow 1.2
Oh yeah... the site is Skate And Annoy dot com. Registering was disabled, but I had a few members without privileges that I hadn't purged yet.