Hi, on one of our servers that uses wp-pagenavi we had a hack attempt targeted at wp-pagenavi. We were using version 2.83 on wordpress 3.9.1, I have since upgraded to 2.85. An example of the hack request from our access logs was:
"GET /wp-content/plugins/wp-pagenavi/cache/external_c1dd189dfe3a128aaed2b98ce6a18575.php?ask78=echo%20'xx23423'.'2xxcv3'.'dcfxcx2xdf';die(); HTTP/1.1"
This returned a 200 response so it is worrying. There were multiple request that were variations of this all targeted at wp-pagenavi that crashed our server.
I am just posting this to make you aware that there might be a security issue. If you want more details then please contact me.