We recently had one of our WP sites compromised at work and we're now in the process of assessing the fallout. Is there some kind of security issue submission process? I'm imagining something like bugtraq, but more WordPress-specific.
Here is what the attack looked like on the back-end code and resulting front-end HTML.
We're already working with an incident response team to help us find evidence of the servers themselves being compromised. So far there's no evidence. And I'm now going through the steps mentioned on the Codex FAQ.
Since we were up-to-date when this happened, I'm trying to assess the likelihood of entry points besides insecure code, such as privilege escalation or weak user passwords. But I'm also still not 100% sure one of our plugins might have had a known issue. Is there a comprehensive database of plugin/theme versions that are known to have security issues? This seems like something that should exist, if not.